29 Programmatic access to Box
UA accounts have 50GB of free storage on Box and it is a UA-recommended storage location. We can also access Box programmatically through the boxr
package in R to read and write files. This is useful for automating data wrangling pipelines, for example, especially since data on Box is versioned by default.
If you only need to access Box from R from a local computer (and don’t need to be able to run things in Posit Connect or another unsupervised service), you can follow the instructions for an interactive Box app. For Posit Connect or similar capabilities, read on.
29.1 Authentication
If you intend to use boxr
as part of an automated script, use a service app to authenticate.
These instructions are adapted from the boxr
documentation with some additional UA and Posit Connect specific tips.
To authenticate to Box, you need to create an “App” at https://app.box.com/developers/console.
Click “Create New App” and choose a Custom App. There are two useful options for the authentication method. If you intend to use boxr
as part of an automated pipeline or in a Shiny app, choose “Server Authentication (with JWT)”.
You may need to wait for your app to be approved. If for some reason this is taking longer than a few days, email Garrett Flora to ask about this.
Once the app is approved, find the app in the Box developer console, click on the “Configuration” tab, and scroll to “Add and Manage Public Keys” section. Click “Generate a Public/Private Keypair” to download a JSON token.
This is where this tutorial diverges from the boxr
documentation which has you put this file in a locked directory ~/.boxr-auth/
. While that is probably more secure, it is not useful for apps deployed to GitHub actions or Posit Connect, as far as I know.
Copy the entire contents of that file into a project-level .Renviron file like so:
BOX_TOKEN_TEXT='<entire contents of token.json>'
The single quotes around the file contents are important!
Treat this token like a password and make sure this .Renviron file is NOT pushed to GitHub! Put .Renviron in your .gitignore!
Now restart R to load the .Renviron file and try authenticating with
box_auth_service(token_text = Sys.getenv("BOX_TOKEN_TEXT"))
29.2 Working with a service app on Box
You may need to create a folder that can be accessed by the service account associated with this token by using box_dir_create()
. To allow your user account to see and access that directory, you need to use box_collab_create()
, which requires a user_id
. You can find your user_id
in the “General Settings” tab of the service app on the Box dev console at the very top. I recommend inviting yourself to collaborate on a folder your service app created using role = "co-owner"
so that you can manage access for others by just going to the folder on arizona.box.com.
More about collaborative workflows here.
29.3 With Posit Connect
If you deploy a Shiny app or scheduled .Rmd document on viz.datascience.arizona.edu that needs to use boxr
to access Box, you’ll need to set a BOX_TOKEN_TEXT
secret environment variable. Find your app or document on Posit Connect and click on the “Vars” tab of the control sidebar. Paste the contents of the token.json file in as the value and give it the name BOX_TOKEN_TEXT. Be sure the code you’re running includes box_auth_service(token_text = Sys.getenv("BOX_TOKEN_TEXT"))
to authorize as the service app.
Unlike the .Renviron file, do NOT wrap the token text in single quotes on Posit Connect.
29.4 With GitHub Actions
Similarly to Posit Connect, you need to add BOX_TOKEN_TEXT as a github secret. In the YAML file for your github action, you’ll want to include something like the following to make that secret accessible to your R script as an environment variable:
jobs:
write-to-box:
runs-on: ubuntu-latest
env:
BOX_TOKEN_TEXT: ${{ secrets.BOX_TOKEN_TEXT }}
I haven’t tested boxr
with GitHub Actions, so this is just theoretical!