Configure a Box App

Configure a Box App

To use the Postman Collection the Postman application needs to authenticate to the Box API using an Access Token. The simplest way to get an Access Token is by logging into Box using a Box App.

A Box App is an application that can be used for making API calls. When using the Postman Collection you can choose to either set up your own Box App or use our preconfigured one. The key benefit of setting up your own Box App is that you won't need to go through login every hour, but it does require a few extra steps to set up.

Select a Box App to use

Use your own Box app

By using this method Postman will be able to make API calls to Box indefinitely as long as you use the app at least once every 60 days.

This method requires a bit more initial setup, yet requires less maintenance, as it will allow Postman to keep your Access Token fresh indefinitely.

Use our preconfigured Box app

By using this method Postman will be able to make API calls to Box for 1 hour before you need to go through this guide again.

This method requires less initial setup but is not able to automatically refresh the Access Token. You will need to come back to this guide every hour to refresh it.

Create a Box app

To use your own Box App you will need to create a new Box App in the Box Developer Console.

If you do not have a Box account you can sign up for a free developer account for testing purposes.

  1. Go to the Developer Console
  2. Select Create New App
  3. Select Custom App as the type of application to create, and click Next
  4. Select Standard OAuth 2.0 as the authentication method, and click Next
  5. Give your Box app a unique name and click Create App
  6. Go to the app's configuration by clicking View Your App.
  7. Scroll down to the OAuth 2.0 redirect URI configuration and set the Redirect URI to the value
  8. Scroll down to the Application Scopes section to select your desired permissions. Your application must have at least one or more of the following scopes: manage users, read all files and folders stored in Box, read and write all files and folders in Box.
  9. At the top of the page click the button to Save Changes

Copy API credentials

Once you've created a Box app, scroll down to the OAuth 2.0 Credentials section of your Box App and copy the Client ID and Client Secret into the fields below.

We will use these credentials to authenticate your application in the next step.

Security notice

Your API credentials are now stored in the browser cache. We highly recommend clearing out this storage by clicking the Reset button later in this guide.


  • You either selected to use your own Box App and

    • Signed up for a developer account (Optional)
    • Accessed the Developer Console
    • Created a Custom App that uses OAuth 2.0 authentication
    • Set up the redirect URL for the application
    • Copied the Client ID and Client Secret onto this page
  • Or selected to use our preconfigured Box App