Join the first BoxWorks Hackathon for Good - customers, partners, and the developer community are welcome to participate in the 48 hour Hack to benefit The Nature Conservancy.

Learn more and register!

Authentication

Guides Authentication
Edit this page

Authentication

Authentication with the Box API uses an Access Token to identify a user. The way in which an Access Token is acquired depends on the method used to authorize a user. The type of authorization available to an application depends on the use-case as well as the type of application that has been created in the developer console.

Box Application TypeAuthentication methods
Custom AppOAuth 2.0, JWT, or Client Credentials Grant
Limited Access AppApp token
Custom SkillNo authentication method selection needed

Learn how to select an authorization type

Access Tokens for Authentication

Every API endpoint requires a valid and active Access Token to make API calls. An Access Token is a unique string that identifies an authenticated Box user to the API endpoints.

curl https://api.box.com/2.0/users/me \
    -H "authorization: Bearer EGmDmRVfhfHsqesn5yVYHAqUkD0dyDfk"

Learn more about Access Tokens