Box Developer Documentation

Join BoxWorks 2024 to discover what's possible with content and AI!

Register now!

Developer Tokens

Developer Tokens

A Developer Token is an Access Token available to developers during development and testing. These tokens are short lived, as they expire after 60 minutes, and cannot be refreshed programmatically.

Create Developer Token

To create a Developer Token for an application:

  • Navigate to the Box Developer Console and select the application to create a Developer Token for.
  • Select the Configuration tab.
  • Under Developer Token, select Generate Developer Token.

You can also generate a Developer Token directly from My Apps view, using the menu available for each app.

Generating a Developer Token

Using Developer Token

A Developer Token can be used like any Access Token in the Authorization header of an API call.

curl https://api.box.com/2.0/users/me \
    -H "authorization: Bearer [DEVELOPER_TOKEN]"

A Developer Token is associated with the the user that is logged in to the Developer Console when the token is generated.

Our SDKs can be initialized with a Developer Token to create a basic API client.

TypeScript Gen
const { BoxClient } = require('box-typescript-sdk-gen/lib/client.generated.js');
const {
  BoxDeveloperTokenAuth,
} = require('box-typescript-sdk-gen/lib/box/developerTokenAuth.generated.js');

const auth = new BoxDeveloperTokenAuth({ token: 'DEVELOPER_TOKEN_GOES_HERE' });
const client = new BoxClient({ auth });

const me = await client.users.getUserMe();
console.log(`My user ID is ${me.id}`);
Python Gen
from box_sdk_gen import BoxClient, BoxDeveloperTokenAuth

auth = BoxDeveloperTokenAuth(token="DEVELOPER_TOKEN_GOES_HERE")
client = BoxClient(auth=auth)

me = client.users.get_user_me()
print(f"My user ID is {me.id}")
.NET Gen
using Box.Sdk.Gen;

var auth = new BoxDeveloperTokenAuth(token: "DEVELOPER_TOKEN_GOES_HERE");
var client = new BoxClient(auth: auth));

var me = await client.Users.GetUserMeAsync();
Console.WriteLine($"My user ID is {me.Id}");
Swift Gen (Beta)
import BoxSdkGen

let auth = BoxDeveloperTokenAuth(token: "DEVELOPER_TOKEN_GOES_HERE")
let client = BoxClient(auth: auth)

let me = try await client.users.getUserMe()
print("My user ID is \(me.id)")
Java
BoxAPIConnection api = new BoxAPIConnection("YOUR-DEVELOPER-TOKEN");
Python
from boxsdk import Client, OAuth2

auth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    access_token='DEVELOPER_TOKEN_GOES_HERE',
)
client = Client(auth)
me = client.user().get()
print(f'My user ID is {me.id}')
.NET
var config = new BoxConfigBuilder("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET", new Uri("http://localhost")).Build();
var session = new OAuthSession("YOUR_DEVELOPER_TOKEN", "N/A", 3600, "bearer");
var client = new BoxClient(config, session);
Node
var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
	clientID: 'YOUR-CLIENT-ID',
	clientSecret: 'YOUR-CLIENT_SECRET'
});

var client = sdk.getBasicClient('YOUR-DEVELOPER-TOKEN');

Developer tokens should not be used in production environments

Developer Tokens should only be used for development or testing purposes.

When you explicitly revoke a developer token for a given app via the Developer console, all webhooks created by that application get deleted.

Using SDKs and Developer Tokens

To learn more about Developer Tokens for each SDK head over to: