• Additional Resources
  • Blog
Box Developer Documentation
Log in

Developer Tokens

Guides Authentication Tokens Developer Tokens
Edit this page

Required Guides

Developer Tokens

A Developer Token is an Access Token available to developers during development and testing. These tokens are short lived, as they expire after 60 minutes, and cannot be refreshed programmatically.

Create Developer Token

To create a Developer Token for an application:

  • Navigate to the Box Developer Console and select the application to create a Developer Token for.
  • Select the Configuration tab.
  • Under Developer Token, select Generate Developer Token.

Generating a Developer Token

Using Developer Token

A Developer Token can be used like any Access Token in the Authorization header of an API call.

curl https://api.box.com/2.0/users/me \
    -H "authorization: Bearer [DEVELOPER_TOKEN]"

A Developer Token is associated with the the user that is logged in to the Developer Console when the token is generated.

Our SDKs can be initialized with a Developer Token to create a basic API client.

.NET
var config = new BoxConfigBuilder("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET", new Uri("http://localhost")).Build();
var session = new OAuthSession("YOUR_DEVELOPER_TOKEN", "N/A", 3600, "bearer");
var client = new BoxClient(config, session);
Java
BoxAPIConnection api = new BoxAPIConnection("YOUR-DEVELOPER-TOKEN");
Python
from boxsdk import Client, OAuth2

auth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    access_token='DEVELOPER_TOKEN_GOES_HERE',
)
client = Client(auth)
me = client.user().get()
print(f'My user ID is {me.id}')
Node
var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
	clientID: 'YOUR-CLIENT-ID',
	clientSecret: 'YOUR-CLIENT_SECRET'
});

var client = sdk.getBasicClient('YOUR-DEVELOPER-TOKEN');
TypeScript (Beta)
const { BoxClient } = require('box-typescript-sdk-gen/lib/client.generated.js');
const {
  BoxDeveloperTokenAuth,
} = require('box-typescript-sdk-gen/lib/developerTokenAuth.generated.js');

const auth = new BoxDeveloperTokenAuth({ token: 'DEVELOPER_TOKEN_GOES_HERE' });
const client = new BoxClient({ auth });

const me = await client.users.getUserMe();
console.log(`My user ID is ${me.id}`);
Python (Beta)
from box_sdk_gen.client import BoxClient
from box_sdk_gen.developer_token_auth import BoxDeveloperTokenAuth

auth = BoxDeveloperTokenAuth(token='DEVELOPER_TOKEN_GOES_HERE')
client = BoxClient(auth=auth)

me = client.users.get_user_me()
print(f'My user ID is {me.id}')

Developer tokens should not be used in production environments

Developer Tokens should only be used for development or testing purposes.

When you explicitly revoke a developer token for a given app via the Developer console, all webhooks created by that application get deleted.

Using SDKs and Developer Tokens

To learn more about Developer Tokens for each SDK head over to: