Access Tokens are at the core of every Box API call. They represent an authenticated user to the Box servers and determine what files and folders an application has access to.
The following shows how each application type is expected to create an Access Token.
|Box Application Type||How to get Access Token|
|Custom App + OAuth 2.0||Explicit user grant|
|Custom App + JWT||Exchange a JWT assertion|
|Custom App + App Token||Configure token in developer console|
|Enterprise Integration + OAuth 2.0||Explicit user grant|
|Enterprise Integration + JWT||Exchange a JWT assertion|
|Partner Integration + App Token||Configure token in developer console|
|Custom Skill||Access Token in event payload|