Tokens
At the core of every Box API call is an Access Token. As in the Box Web App, you can only successfully interact with content that the user associated with the Access Token either owns or is a collaborator on. This access can be further restricted by downscoping a token.
Types of tokens
Type | Duration |
---|---|
Access Token | 60 minutes |
Refresh Token | 60 days or one use |
Developer Token | 60 minutes |
Application Types & Access Tokens
The following shows how each application type is expected to create an Access Token.
Box Application Type | How to get Access Token |
---|---|
Custom App + OAuth 2.0 | Explicit user grant |
Custom App + JWT | Exchange a JWT assertion |
Custom App + Client Credentials Grant | Use client ID and client secret |
Limited Access App + App Token | Configure token in Developer Console |
Custom Skill | Access Token in event payload |
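
The durations in the Types of tokens table, applied to a token cache for a Custom App using OAuth 2.0, as an added example that is not Box's own code. `TokenManager`, `FakeTokenEndpoint`, the 60-second skew and the sample token strings are constructed for illustration; `exchange` stands in for the real refresh request and is assumed to return a replacement Refresh Token with each new Access Token.

```python
import time
from dataclasses import dataclass

ACCESS_TTL = 60 * 60               # Access Token: 60 minutes
REFRESH_TTL = 60 * 24 * 60 * 60    # Refresh Token: 60 days or one use
SKEW = 60                          # assumption: renew 60 s before expiry

class ReauthorizationRequired(Exception):
    """Refresh token spent or expired; the user must grant access again."""

@dataclass
class TokenPair:
    access_token: str
    refresh_token: str
    issued_at: float

class TokenManager:
    def __init__(self, pair, exchange, save=lambda pair: None, clock=time.time):
        self.pair, self.exchange = pair, exchange
        self.save, self.clock = save, clock

    def access_token(self):
        now = self.clock()
        age = now - self.pair.issued_at
        if age < ACCESS_TTL - SKEW:
            return self.pair.access_token          # still valid, reuse it
        if age >= REFRESH_TTL:
            raise ReauthorizationRequired("refresh token older than 60 days")
        # One use only: the old refresh token is dead after this call, so the
        # new pair is persisted before it is handed to any caller.
        new_access, new_refresh = self.exchange(self.pair.refresh_token)
        self.pair = TokenPair(new_access, new_refresh, now)
        self.save(self.pair)
        return new_access

class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint; enforces one-use refresh."""
    def __init__(self, first_refresh):
        self.valid, self.count = first_refresh, 0

    def __call__(self, refresh_token):
        if refresh_token != self.valid:
            raise ReauthorizationRequired("refresh token already used")
        self.count += 1
        self.valid = f"refresh-{self.count}"
        return f"access-{self.count}", self.valid
```

In production, `save` should write to a store that only the application can read, since a stored Refresh Token can mint Access Tokens for up to 60 days.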