HI
We are exploring a potential integration pattern and would appreciate guidance from the community on whether this is feasible within Appian’s integration capabilities—specifically around user-specific authorization with Box when a process is triggered via email.
A user sends an email containing a Box folder link to a designated mailbox.
This email triggers an Appian process via Process Model Email Polling (this is currently working as expected).
The process then attempts to download documents from the referenced Box folder.
The key requirement is that Box access must respect the sending user’s specific Box permissions.
We plan to use OAuth 2.0 Authorization Code Grant for Box authorization from within Appian.
We are intentionally not using the JWT approach, as it requires Box admin-level permissions and provides broader access than desired.
This approach works well when initiated from the Appian UI, where the authenticated user context is available and the user can explicitly authorize Box access.
When the process is triggered via email (outside the Appian UI):
I understand that it's not possible to keep and reuse the user's previous Box authorization context from the email sent to Appian by the same user. Is there a supported method to create a user-specific Start Process link from a background process that will allow the user to successfully start the process when they click the link?
I understand that one option is to generate a site link, direct the user to the Appian UI, and allow them to initiate the process manually. However, we’re specifically trying to determine whether it’s possible to avoid this additional user click and have the process start directly from the emailed link.
Any guidance, recommended patterns, or confirmations around platform limitations would be greatly appreciated.
Below
Discussion posts and replies are publicly visible
Perhaps the answer in this post could help you? community.appian.com/.../redirect-user-to-a-task-form-using-appian-webapi
Hi James
This may still not resolve the issue since it would continue to execute the process as a System.
I think this can work since the user will have to login (unless they have a valid session) and you can kick off the process to download documents in web api and then close the window with JS. You will have to pass parameters in the link and then validate them in the web api for the given loggedinuser.That said, you are saving one click in some situations since if the user does not have a valid access token, they will have to reauthorize.If you can use OIDC token or SAML Bearer Assertion that would eliminate the need to reauthorize when the access token expires.