Access Tokens

Access Tokens

Access Tokens are at the core of every Box API call. They represent an authenticated user to the Box servers and determine what files and folders an application has access to.

Learn about the different ways an app can get authorized

Application Types & Access Tokens

The following shows how each application type is expected to create an Access Token.

Box Application TypeHow to get Access Token
Custom App + OAuth 2.0Explicit user grant
Custom App + JWTExchange a JWT assertion
Custom App + Client Credentials GrantUse client ID and client secret
Limited Access App + App TokenConfigure token in Developer Console
Custom SkillAccess Token in event payload