My application does not require download permission
We would like you to provide a way in the developer console to remove the download permission from our application.
We are worried about leaking access tokens.
Our application needs Box administrator privileges. Then change the folder name or delete the collaborator.
However, it does not access the content of files in box.
After obtaining a token, you can downscope it to obtain one with a more limited set of scopes. While your parent token will still have the full scope, you can generate and use the lower-privileged tokens in your application logic. Refer to this page for details https://developer.box.com/guides/authentication/access-tokens/downscope/