{"id":20119588,"url":"https://github.com/box/box-java-sdk","last_synced_at":"2026-04-01T17:35:21.140Z","repository":{"id":22373017,"uuid":"25709466","full_name":"box/box-java-sdk","owner":"box","description":"The Box SDK for Java.","archived":false,"fork":false,"pushed_at":"2026-03-26T17:45:06.000Z","size":165856,"stargazers_count":164,"open_issues_count":18,"forks_count":187,"subscribers_count":38,"default_branch":"main","last_synced_at":"2026-03-27T06:46:06.831Z","etag":null,"topics":["hacktoberfest"],"latest_commit_sha":null,"homepage":"http://opensource.box.com/box-java-sdk/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/box.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-10-24T21:39:01.000Z","updated_at":"2026-03-26T16:27:47.000Z","dependencies_parsed_at":"2023-02-16T20:15:37.060Z","dependency_job_id":"0854a43f-9018-4907-af51-86f253b44fe4","html_url":"https://github.com/box/box-java-sdk","commit_stats":null,"previous_names":[],"tags_count":151,"template":false,"template_full_name":null,"purl":"pkg:github/box/box-java-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/box%2Fbox-java-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/box%2Fbox-java-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/box%2Fbox-java-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/box%2Fbox-java-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/box","download_url":"https://codeload.github.com/box/box-java-sdk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/box%2Fbox-java-sdk/sbom","scorecard":{"id":249330,"data":{"date":"2025-08-11","repo":{"name":"github.com/box/box-java-sdk","commit":"bb864726a1e985b46bd48f42f03abbd3777d1270"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":9,"reason":"Found 29/30 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":5,"reason":"5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous 
patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-main.yml:1","Warn: no topLevel permission defined: .github/workflows/integration-tests.yml:1","Warn: no topLevel permission defined: .github/workflows/releases.yml:1","Warn: no topLevel permission defined: .github/workflows/semantic-pr.yml:1","Warn: no topLevel permission defined: .github/workflows/spell-check-lint.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":9,"reason":"binaries present in source code","details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-main.yml:18: update your workflow using 
https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/build-main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-main.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/build-main.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/integration-tests.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration-tests.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/integration-tests.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/releases.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/releases.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/semantic-pr.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/semantic-pr.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spell-check-lint.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/spell-check-lint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/spell-check-lint.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/box/box-java-sdk/spell-check-lint.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v4.16.3 not signed: https://api.github.com/repos/box/box-java-sdk/releases/234589921","Warn: release artifact v4.16.2 not signed: https://api.github.com/repos/box/box-java-sdk/releases/222452846","Warn: release artifact v4.16.1 not signed: 
https://api.github.com/repos/box/box-java-sdk/releases/215467828","Warn: release artifact v4.16.0 not signed: https://api.github.com/repos/box/box-java-sdk/releases/212433186","Warn: release artifact v4.15.3 not signed: https://api.github.com/repos/box/box-java-sdk/releases/205324513","Warn: release artifact v4.16.3 does not have provenance: https://api.github.com/repos/box/box-java-sdk/releases/234589921","Warn: release artifact v4.16.2 does not have provenance: https://api.github.com/repos/box/box-java-sdk/releases/222452846","Warn: release artifact v4.16.1 does not have provenance: https://api.github.com/repos/box/box-java-sdk/releases/215467828","Warn: release artifact v4.16.0 does not have provenance: https://api.github.com/repos/box/box-java-sdk/releases/212433186","Warn: release artifact v4.15.3 does not have provenance: https://api.github.com/repos/box/box-java-sdk/releases/205324513"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":9,"reason":"SAST tool is not run on all commits -- score normalized to 9","details":["Warn: 28 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T08:10:13.278Z","repository_id":22373017,"created_at":"2025-08-17T08:10:13.278Z","updated_at":"2025-08-17T08:10:13.278Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest"],"created_at":"2024-11-13T19:16:13.087Z","updated_at":"2026-04-01T17:35:21.110Z","avatar_url":"https://github.com/box.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/box/sdks/blob/master/images/box-dev-logo.png\" alt= “box-dev-logo” width=\"30%\" height=\"50%\"\u003e\n\u003c/p\u003e\n\n# Box Java SDK v10\n\n[![Project Status](http://opensource.box.com/badges/active.svg)](http://opensource.box.com/badges)\n![build](https://github.com/box/box-java-sdk/actions/workflows/build.yml/badge.svg?branch=main)\n![Maven Central 
Version](https://img.shields.io/maven-central/v/com.box/box-java-sdk)\n![Platform](https://img.shields.io/badge/java-%3E%3D8-blue)\n[![Coverage](https://coveralls.io/repos/github/box/box-java-sdk/badge.svg?branch=main)](https://coveralls.io/github/box/box-java-sdk-gen?branch=main)\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n- [Introduction](#introduction)\n- [Supported versions](#supported-versions)\n  - [Version v5](#version-v5)\n  - [Version v10](#version-v10)\n  - [Which Version Should I Use?](#which-version-should-i-use)\n- [Installing](#installing)\n- [Getting Started](#getting-started)\n- [Authentication](#authentication)\n- [Documentation](#documentation)\n- [Migration guides](#migration-guides)\n- [Versioning](#versioning)\n  - [Version schedule](#version-schedule)\n- [Contributing](#contributing)\n- [3rd Party Libraries \u0026 Licenses](#3rd-party-libraries--licenses)\n- [FIPS 140-2 Compliance](#fips-140-2-compliance)\n- [Questions, Bugs, and Feature Requests?](#questions-bugs-and-feature-requests)\n- [Copyright and License](#copyright-and-license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n# Introduction\n\nWe are excited to introduce the v10 major release of the Box Java SDK,\ndesigned to elevate the developer experience and streamline your integration with the Box Content Cloud.\n\nWith this SDK version, we provide the `com.box.sdkgen` package, which gives you access to:\n\n1. Full API Support: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.\n2. Rapid API Updates: Say goodbye to waiting for new Box APIs to be incorporated into the SDK. 
With our new auto-generation development approach, we can now add new Box APIs to the SDK at a much faster pace (in a matter of days). This means you can leverage the most up-to-date features in your applications without delay.\n3. Embedded Documentation: We understand that easy access to information is crucial for developers. With our new approach, we have included comprehensive documentation for all objects and parameters directly in the source code of the SDK. This means you no longer need to look up this information on the developer portal, saving you time and streamlining your development process.\n4. Enhanced Convenience Methods: Our commitment to enhancing your development experience continues with the introduction of convenience methods. These methods cover various aspects such as chunk uploads, classification, and much more.\n5. Seamless Start: The new SDKs integrate essential functionalities like authentication, automatic retries with exponential backoff, exception handling, request cancellation, and type checking, enabling you to focus solely on your application's business logic.\n\nEmbrace the new generation of Box SDKs and unlock the full potential of the Box Content Cloud.\n\n# Supported versions\n\nTo enhance developer experience, we have introduced the new generated codebase through the `com.box.sdkgen` package.\nThe `com.box.sdkgen` package is available in two major supported versions: v5 and v10.\n\n## Version v5\n\nIn v5 of the Box Java SDK, we are introducing a version that consolidates both the manually written package (`com.box.sdk`)\nand the new generated package (`com.box.sdkgen`). 
This allows developers to use both packages simultaneously within a single project.\n\nThe codebase for v5 of the Box Java SDK is currently available on the [combined-sdk](https://github.com/box/box-java-sdk/tree/combined-sdk) branch.\nMigration guide which would help with migration from `com.box.sdk` to `com.box.sdkgen` can be found [here](./migration-guides/from-com.box.sdk-to-com.box.sdkgen.md).\n\nVersion v5 is intended for:\n\n- Existing developers of the Box Java SDK v4 who want to access new API features while keeping their current codebase largely unchanged.\n- Existing developers who are in the process of migrating to `com.box.sdkgen`, but do not want to move all their code to the new package immediately.\n\n## Version v10\n\nStarting with v10, the SDK is built entirely on the generated `com.box.sdkgen` package, which fully and exclusively replaces the old `com.box.sdk` package.\nThe codebase for v10 of the Box Java SDK is currently available on the [main](https://github.com/box/box-java-sdk/tree/main) branch.\n\nVersion v10 is intended for:\n\n- New users of the Box Java SDK.\n- Developers already working with the generated Box Java SDK previously available under the [Box Java SDK Gen repository](https://github.com/box/box-java-sdk-gen).\n\n## Which Version Should I Use?\n\n| Scenario                                                                                                                                                                                   | Recommended Version                                                    | Example gradle dependency     |\n| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------- | ----------------------------- |\n| Creating a new application                                                                         
                                                                                        | Use [v10](https://github.com/box/box-java-sdk/tree/main)               | `com.box:box-java-sdk:10.0.0` |\n| App using [box-java-sdk-gen](https://central.sonatype.com/artifact/com.box/box-java-sdk-gen) artifact                                                                                      | Migrate to [v10](https://github.com/box/box-java-sdk/tree/main)        | `com.box:box-java-sdk:10.0.0` |\n| App using both [box-java-sdk-gen](https://central.sonatype.com/artifact/com.box/box-java-sdk-gen) and [box-java-sdk](https://central.sonatype.com/artifact/com.box/box-java-sdk) artifacts | Upgrade to [v5](https://github.com/box/box-java-sdk/tree/combined-sdk) | `com.box:box-java-sdk:5.0.0`  |\n| App using v4 of [box-java-sdk](https://central.sonatype.com/artifact/com.box/box-java-sdk) artifact                                                                                        | Upgrade to [v5](https://github.com/box/box-java-sdk/tree/combined-sdk) | `com.box:box-java-sdk:5.0.0`  |\n\nFor full guidance on SDK versioning, see the [Box SDK Versioning Guide](https://developer.box.com/guides/tooling/sdks/sdk-versioning/).\n\n# Installing\n\nThe SDK is available on [Maven Central Repository](https://mvnrepository.com/artifact/com.box/box-java-sdk). To include the SDK in your project, add the following dependency to your `pom.xml` file:\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.box\u003c/groupId\u003e\n    \u003cartifactId\u003ebox-java-sdk\u003c/artifactId\u003e\n    \u003cversion\u003eVERSION\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\nTo include the SDK in your project using Gradle, add the following dependency to your `build.gradle` file:\n\n```gradle\nimplementation 'com.box:box-java-sdk:VERSION'\n```\n\nWhere `VERSION` is the version of the SDK you want to use. 
The next generation of the SDK starts with version `10.0.0`.\nYou can find the latest version in the [Maven Central Repository](https://mvnrepository.com/artifact/com.box/box-java-sdk).\n\n# Getting Started\n\nTo get started with the SDK, get a Developer Token from the Configuration page of your app in the [Box Developer\nConsole](https://app.box.com/developers/console). You can use this token to make test calls for your own Box account.\n\nThe SDK provides a `BoxDeveloperTokenAuth` class, which allows you to authenticate using your Developer Token.\nUse an instance of `BoxDeveloperTokenAuth` to initialize a `BoxClient` object.\nUsing the `BoxClient` object, you can access managers, which allow you to perform operations on your Box account.\n\nThe example below demonstrates how to authenticate with a Developer Token and print the names of all items inside the root folder.\n\n```java\nBoxDeveloperTokenAuth auth = new BoxDeveloperTokenAuth(\"DEVELOPER_TOKEN\");\nBoxClient client = new BoxClient(auth);\nclient.folders.getFolderItems(\"0\").getEntries().forEach(item -\u003e {\n   System.out.println(item.toString());\n});\n```\n\n# Authentication\n\nBox Java SDK v10 supports multiple authentication methods including Developer Token, OAuth 2.0,\nClient Credentials Grant, and JSON Web Token (JWT).\n\nYou can find detailed instructions and example code for each authentication method in the\n[Authentication](./docs/authentication.md) document.\n\n# Documentation\n\nBrowse the [docs](docs/README.md) or see [API Reference](https://developer.box.com/reference/) for more information.\n\n# Migration guides\n\nMigration guides that help you migrate to supported major SDK versions can be found [here](./migration-guides).\n\n# Versioning\n\nWe use a modified version of [Semantic Versioning](https://semver.org/) for all changes. 
See [version strategy](VERSIONS.md) for details which is effective from 30 July 2022.\n\nA current release is on the leading edge of our SDK development, and is intended for customers who are in active development and want the latest and greatest features.  \nInstead of stating a release date for a new feature, we set a fixed minor or patch release cadence of maximum 2-3 months (while we may release more often).\nAt the same time, there is no schedule for major or breaking release. Instead, we will communicate one quarter in advance the upcoming breaking change to allow customers to plan for the upgrade.\n\nWe always recommend that all users run the latest available minor release for whatever major version is in use.\nWe highly recommend upgrading to the latest SDK major release at the earliest convenient time and before the EOL date.\n\n## Version schedule\n\n| Version | Supported Environments | State     | First Release | EOL/Terminated         |\n| ------- | ---------------------- | --------- | ------------- | ---------------------- |\n| 10      | Java 8 and up          | Supported | 17 Sep 2025   | TBD                    |\n| 5       | Java 8 and up          | Supported | 23 Oct 2025   | 2027 or v6 is released |\n| 4       | Java 8 and up          | EOL       | 17 Jan 2023   | 23 Oct 2025            |\n| 3       | Java 8 and up          | EOL       | 17 Jan 2022   | 17 Jan 2023            |\n| 2       |                        | EOL       | 07 Jan 2016   | 17 Jan 2022            |\n| 1       |                        | EOL       | 15 Apr 2015   | 07 Jan 2016            |\n\n# Contributing\n\nSee [CONTRIBUTING.md](./CONTRIBUTING.md).\n\n# 3rd Party Libraries \u0026 Licenses\n\nThe Java SDK uses third-party libraries that are required for usage. Their licenses are listed below:\n\n1. 
[jackson-annotations v2.17.2](https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations/2.17.2)\n   Maven: `com.fasterxml.jackson.core:jackson-annotations:2.17.2`\n   Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n2. [jackson-core v2.17.2](https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core/2.17.2)\n   Maven: `com.fasterxml.jackson.core:jackson-core:2.17.2`\n   Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n3. [jackson-databind v2.17.2](https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind/2.17.2)\n   Maven: `com.fasterxml.jackson.core:jackson-databind:2.17.2`\n   Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n4. [okhttp v4.12.0](https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp/4.12.0)\n   Maven: `com.squareup.okhttp3:okhttp:4.12.0`\n   Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n5. [okio v3.5.0](https://mvnrepository.com/artifact/com.squareup.okio/okio/3.5.0)\n   Maven: `com.squareup.okio:okio:3.5.0`\n   Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n6. [jose4j v0.9.6](https://mvnrepository.com/artifact/org.bitbucket.b_c/jose4j/0.9.6)\n   Maven: `org.bitbucket.b_c:jose4j:0.9.6`\n   Licence: [Apache 2.0](https://www.apache.org/licenses/LICENSE-2.0)\n7. [bcprov-jdk18on v1.82](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.82)\n   Maven: `org.bouncycastle:bcprov-jdk18on:1.82`\n   Licence: [MIT](https://opensource.org/licenses/MIT)\n8. [bcpkix-jdk18on v1.82](https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk18on/1.82)\n   Maven: `org.bouncycastle:bcpkix-jdk18on:1.82`\n   Licence: [MIT](https://opensource.org/licenses/MIT)\n\nThe following libraries are required for running tests:\n\n1. 
[junit-jupiter-api v5.10.0](https://mvnrepository.com/artifact/org.junit.jupiter/junit-jupiter-api/5.10.0)\n   Maven: `org.junit.jupiter:junit-jupiter-api:5.10.0`\n   Licence: [EPL 2.0](https://www.eclipse.org/legal/epl-2.0/)\n2. [junit-jupiter-engine v5.10.0](https://mvnrepository.com/artifact/org.junit.jupiter/junit-jupiter-engine/5.10.0)\n   Maven: `org.junit.jupiter:junit-jupiter-engine:5.10.0`\n   Licence: [EPL 2.0](https://www.eclipse.org/legal/epl-2.0/)\n\n# FIPS 140-2 Compliance\n\nTo generate a JSON Web Signature used for retrieving tokens in the JWT authentication method, the Box Java SDK decrypts an encrypted private key.\nFor this purpose, the Box Java SDK uses libraries (`org.bouncycastle:bcpkix-jdk18on:1.82` and `org.bouncycastle:bcprov-jdk18on:1.82`)\nthat are NOT compatible with the FIPS 140-2 validated cryptographic library (`org.bouncycastle:bc-fips`).\n\nThere are two ways of ensuring that the decryption operation is FIPS-compliant.\n\n1. You can provide a custom implementation of the `IPrivateKeyDecryptor` interface,\n   which performs the decryption operation using a FIPS-certified library of your choice.\n   The interface requires the implementation of just one method:\n\n```java\nPrivateKey decryptPrivateKey(String encryptedPrivateKey, String passphrase);\n```\n\nAfter implementing the custom decryptor, you need to set your custom decryptor class:\n\n```java\nJWTConfig jwtConfig = JWTConfig.fromConfigFile(JWT_CONFIG_PATH, customDecryptor);\nBoxJWTAuth auth = new BoxJWTAuth(jwtConfig);\nBoxClient client = new BoxClient(auth);\n```\n\n2. 
An alternative method is to override the Bouncy Castle libraries with the v.1.57 version,\n   which is compatible with the FIPS 140-2 validated cryptographic library (`org.bouncycastle:bc-fips`).\n\nNOTE: This solution is not recommended, as Bouncy Castle v.1.57 has some moderate vulnerabilities reported against it, including:\n\n- [CVE-2020-26939](https://github.com/advisories/GHSA-72m5-fvvv-55m6) - Observable Differences in Behavior to Error Inputs in Bouncy Castle\n- [CVE-2020-15522](https://github.com/advisories/GHSA-6xx3-rg99-gc3p) - Timing based private key exposure in Bouncy Castle\n\nFurthermore, using Bouncy Castle v.1.57 may lead to [Bouncycastle BadPaddingException for JWT auth](#bouncycastle-badPaddingException-for-jWT-auth).\n\nGradle example:\n\n```groovy\nimplementation('com.box:box-java-sdk:x.y.z') {\n   exclude group: 'org.bouncycastle', module: 'bcprov-jdk18on'\n   exclude group: 'org.bouncycastle', module: 'bcpkix-jdk18on'\n}\nruntimeOnly('org.bouncycastle:bcprov-jdk15on:1.57')\nruntimeOnly('org.bouncycastle:bcpkix-jdk15on:1.57')\n```\n\nMaven example:\n\n```xml\n\u003cdependencies\u003e\n   \u003cdependency\u003e\n      \u003cgroupId\u003ecom.box\u003c/groupId\u003e\n      \u003cartifactId\u003ebox-java-sdk\u003c/artifactId\u003e\n      \u003cversion\u003ex.y.z\u003c/version\u003e\n      \u003cscope\u003ecompile\u003c/scope\u003e\n      \u003cexclusions\u003e\n        \u003cexclusion\u003e\n          \u003cgroupId\u003eorg.bouncycastle\u003c/groupId\u003e\n          \u003cartifactId\u003ebcprov-jdk18on\u003c/artifactId\u003e\n        \u003c/exclusion\u003e\n         \u003cexclusion\u003e\n            \u003cgroupId\u003eorg.bouncycastle\u003c/groupId\u003e\n            \u003cartifactId\u003ebcpkix-jdk18on\u003c/artifactId\u003e\n         \u003c/exclusion\u003e\n      \u003c/exclusions\u003e\n   \u003c/dependency\u003e\n   \u003cdependency\u003e\n      \u003cgroupId\u003eorg.bouncycastle\u003c/groupId\u003e\n      
\u003cartifactId\u003ebcprov-jdk15on\u003c/artifactId\u003e\n      \u003cversion\u003e1.57\u003c/version\u003e\n      \u003cscope\u003eruntime\u003c/scope\u003e\n   \u003c/dependency\u003e\n   \u003cdependency\u003e\n      \u003cgroupId\u003eorg.bouncycastle\u003c/groupId\u003e\n      \u003cartifactId\u003ebcpkix-jdk15on\u003c/artifactId\u003e\n      \u003cversion\u003e1.57\u003c/version\u003e\n      \u003cscope\u003eruntime\u003c/scope\u003e\n   \u003c/dependency\u003e\n\u003c/dependencies\u003e\n```\n\n# Questions, Bugs, and Feature Requests?\n\nNeed to contact us directly? [Browse the issues tickets](https://github.com/box/box-java-sdk/issues)! Or, if that\ndoesn't work, [file a new one](https://github.com/box/box-java-sdk/issues/new), and we will get\nback to you. If you have general questions about the Box API, you can post to the [Box Developer Forum](https://community.box.com/box-platform-5).\n\n# Copyright and License\n\nCopyright 2025 Box, Inc. All rights reserved.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbox%2Fbox-java-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbox%2Fbox-java-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbox%2Fbox-java-sdk/lists"}