Currently, when you use a service account to access Box API's, in order to get access to content you need to use the As-User header "impersonate" users in order to access the files that are owned by then.

So if you are doing something like using a service account to crawl through all the files in a folder in box, you would need to use the As-User header in order to impersonate a user who owns/has access to each file while doing it.

But there is a huge problem here is that the rate limiting is done using the As-User header. The service account is not treated specially in any way and the rate limiting is done per user as if the service account actually is the user that is doing the requests.

This causes massive amounts of rate limiting when trying to access the files in the folder.

Service accounts should be treated as "app auth" and should not be restricted by the same rate limits as users.

Other cloud content providers such as Google Drive and SharePoint Online treat app-auth differently than user auth for this same reason. We are requesting that Box.com changes to do this as well.