# Authorize user

> Authorize a user by sending them through the [Box](https://box.com) website and requesting their permission to act on their behalf.

This is the first step when authenticating a user using OAuth 2.0. To request a user's authorization to use the Box APIs on their behalf, you will need to send the user to a URL with this format.

<Note>
  This endpoint is in version **2024.0**. No changes are required to continue using it. For more details, see **[Box API versioning](/guides/api-calls/api-versioning-strategy)**.

  Learn more about [Box SDK versioning strategy](/guides/tooling/sdks/sdk-versioning/).
</Note>


## OpenAPI

````yaml /box-openapi.json GET /authorize
openapi: 3.0.2
info:
  title: Box Platform API
  description: >-
    [Box Platform](https://developer.box.com) provides functionality to provide
    access to content stored within [Box](https://box.com). It provides
    endpoints for basic manipulation of files and folders, management of users
    within an enterprise, as well as more complex topics such as legal holds and
    retention policies.
  termsOfService: https://cloud.app.box.com/s/rmwxu64h1ipr41u49w3bbuvbsa29wku9
  contact:
    name: Box, Inc
    url: https://developer.box.com
    email: devrel@box.com
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
  version: '2024.0'
  x-box-commit-hash: 95117b97f9
servers:
  - url: https://api.box.com/2.0
    description: Box Platform API server.
security:
  - OAuth2Security: []
tags:
  - name: AI
    description: A set of endpoints used to interact with supported LLMs.
    x-box-tag: ai
  - name: AI Studio
    description: A set of endpoints used to interact with AI Studio.
    x-box-tag: ai_studio
  - name: App item associations
    x-box-tag: app_item_associations
  - name: Authorization
    description: A set of endpoints used to manage user authorization process.
    x-box-tag: authorization
    x-box-priority: true
  - name: Box Sign requests
    description: Box Sign requests are used to submit a file for signature.
    x-box-tag: sign_requests
  - name: Classifications
    description: >-
      Classification labels are used for content that is sensitive or under
      security restrictions.
    x-box-tag: classifications
  - name: Classifications on files
    description: >-
      Classification labels are used for files that are sensitive or under
      security restrictions.
    x-box-tag: file_classifications
  - name: Classifications on folders
    description: >-
      Classification labels are used for folders that are sensitive or under
      security restrictions.
    x-box-tag: folder_classifications
  - name: Collaborations
    description: >-
      Collaborations define access permissions for users and groups to files and
      folders, similar to access control lists.
    x-box-tag: user_collaborations
  - name: Collaborations (List)
    description: >-
      A set of endpoints used to retrieve file, folder, pending, and group
      collaborations.
    x-box-tag: list_collaborations
  - name: Collections
    description: >-
      Collections are a way to group files, folders, and web links without
      putting them all into a folder.
    x-box-tag: collections
  - name: Comments
    description: >-
      Comments are messages generated by users on files, allowing users to
      collaborate on a file, discussing any feedback they might have on the
      content.
    x-box-tag: comments
  - name: Device pinners
    description: >-
      Device pinners allow enterprises to control what devices can use native
      Box applications.
    x-box-tag: device_pinners
  - name: Domain restrictions (User exemptions)
    description: >-
      A set of endpoints that allow exempting users from restrictions imposed by
      the list of allowed collaboration domains for a specific enterprise.
    x-box-tag: collaboration_allowlist_exempt_targets
  - name: Domain restrictions for collaborations
    description: >-
      A set of endpoints that manage domains for which users can collaborate
      with files and folders in an enterprise.
    x-box-tag: collaboration_allowlist_entries
  - name: Downloads
    description: >-
      Downloads allow saving files to the application's server, or directly by
      the end user in a browser.
    x-box-tag: downloads
  - name: Email aliases
    description: >-
      Email aliases provide a list of emails additional to the user's primary
      login email.
    x-box-tag: email_aliases
  - name: Events
    description: >-
      Events provide a way for an application to subscribe to any actions
      performed by any user, users, or service in an enterprise.
    x-box-tag: events
  - name: File requests
    description: >-
      File Requests provide a fast and secure way to request files and
      associated metadata from anyone. Users can create new file requests based
      on an existing file request, update file request settings, activate,
      deactivate, and delete file requests programmatically.
    x-box-tag: file_requests
  - name: File version legal holds
    description: >-
      A legal hold is a process that an enterprise can use to preserve all forms
      of potentially relevant information when litigation is pending or
      reasonably anticipated. A File Version Legal Hold represents all the
      policies that are assigned to a specific file version.
    x-box-tag: file_version_legal_holds
  - name: File version retentions
    description: >-
      A retention policy blocks permanent deletion of content for a specified
      amount of time. A file version retention is a record for a retained file.
    x-box-tag: file_version_retentions
  - name: File versions
    description: A set of endpoints used to manage specific versions of a file.
    x-box-tag: file_versions
  - name: Files
    description: >-
      Files, together with Folders, are at the core of the Box API. Files can be
      uploaded and downloaded, as well as hold important metadata information
      about the content.
    x-box-tag: files
  - name: Folder Locks
    description: >-
      Folder locks define access restrictions placed by folder owners to prevent
      specific folders from being moved or deleted.
    x-box-tag: folder_locks
  - name: Folders
    description: >-
      Folders, together with Files, are at the core of the Box API. Folders can
      be uploaded and downloaded, as well as hold important metadata information
      about the content.
    x-box-tag: folders
  - name: Integration mappings
    description: >-
      Integration Mappings allow the users to manage where content from partner
      apps is stored in Box.
    x-box-tag: integration_mappings
  - name: Group memberships
    description: Group memberships signify that a user is a part of the group.
    x-box-tag: memberships
  - name: Groups
    description: Groups created in an enterprise.
    x-box-tag: groups
  - name: Invites
    description: Invites are used to invite the user to an enterprise.
    x-box-tag: invites
  - name: Legal hold policies
    description: >-
      A legal hold is a process that an enterprise can use to preserve all forms
      of potentially relevant information when litigation is pending or
      reasonably anticipated.
    x-box-tag: legal_hold_policies
  - name: Legal hold policy assignments
    description: >-
      A Legal Hold Policy Assignment is a relation between a policy and
      custodian. In this case, a custodian can be a user, folder, file, or file
      version.
    x-box-tag: legal_hold_policy_assignments
  - name: Metadata cascade policies
    description: >-
      A metadata cascade policy describes how metadata instances applied to a
      folder should be applied to any item within that folder.
    x-box-tag: metadata_cascade_policies
  - name: Metadata instances (Files)
    description: >-
      A metadata instance describes the relation between a template and a file,
      including the values that are assigned for every field.
    x-box-tag: file_metadata
  - name: Metadata instances (Folders)
    description: >-
      A metadata instance describes the relation between a template and a
      folder, including the values that are assigned for every field.
    x-box-tag: folder_metadata
  - name: Metadata taxonomies
    description: >-
      A metadata taxonomy is a hierarchical classification system that helps
      organize and manage metadata within an enterprise.
    x-box-tag: metadata_taxonomies
  - name: Metadata templates
    description: >-
      A metadata template describes a reusable set of key/value pairs that can
      be assigned to a file.
    x-box-tag: metadata_templates
  - name: Recent items
    description: >-
      Recent items represent items such as files or folders that the user
      accessed recently.
    x-box-tag: recent_items
  - name: Retention policies
    description: >-
      A retention policy blocks permanent deletion of content for a specified
      amount of time. Admins can create retention policies and then assign them
      to specific folders or their entire enterprise.
    x-box-tag: retention_policies
  - name: Retention policy assignments
    description: >-
      A Retention Policy Assignment is a relation between a policy and folder or
      enterprise. Creating an assignment puts a retention on all the file
      versions that belong to that folder or enterprise.
    x-box-tag: retention_policy_assignments
  - name: Search
    description: >-
      The Box API provides a way to find content in Box using full-text search
      queries.
    x-box-tag: search
  - name: Session termination
    description: >-
      Session termination API is used to validate the roles and permissions of
      the group, and creates asynchronous jobs to terminate the group's
      sessions.
    x-box-tag: session_termination
  - name: Shared links (Files)
    description: >-
      Files shared links are URLs that are generated for files stored in Box,
      which provide direct, read-only access to the resource.
    x-box-tag: shared_links_files
  - name: Shared links (Folders)
    description: >-
      Folders shared links are URLs that are generated for folders stored in
      Box, which provide direct, read-only access to the resource.
    x-box-tag: shared_links_folders
  - name: Shared links (Web Links)
    description: >-
      Web links for files are URLs that are generated for web links in Box,
      which provide direct, read-only access to the resource.
    x-box-tag: shared_links_web_links
  - name: Shared links (App Items)
    description: >-
      URLs generated for app items stored in Box, which provide direct,
      read-only access to the resource.
    x-box-tag: shared_links_app_items
  - name: Shield information barriers
    description: >-
      Shield information barrier in Box defines an ethical wall. An ethical wall
      is a mechanism that prevents exchanges or communication that could lead to
      conflicts of interest and therefore result in business activities
      ethically or legally questionable.
    x-box-tag: shield_information_barriers
  - name: Shield information barrier segments
    description: >-
      Shield information barrier segment represents a defined group of users. A
      user can be a member of only one segment, which makes segments different
      from groups.
    x-box-tag: shield_information_barrier_segments
  - name: Shield information barrier segment members
    description: >-
      Shield information barrier segment member represents a user that is
      assigned to a specific segment.
    x-box-tag: shield_information_barrier_segment_members
  - name: Shield information barrier reports
    description: >-
      Shield information barrier reports contain information on what existing
      collaborations will be removed permanently when the information barrier is
      enabled.
    x-box-tag: shield_information_barrier_reports
  - name: Shield information barrier segment restrictions
    description: >-
      Shield information barrier segment restriction is an access restriction
      based on the content (file or folder) owner.
    x-box-tag: shield_information_barrier_segment_restrictions
  - name: Box Sign templates
    description: >-
      Sign templates allow you to use a predefined Box Sign template when
      creating a signature request. The template includes placeholders that are
      automatically populated with data when creating the request.
    x-box-tag: sign_templates
  - name: Skills
    description: >-
      Box Skills are designed to allow custom processing of files uploaded to
      Box, with the intent of enhancing the underlying metadata of the file.
    x-box-tag: skills
  - name: Standard and Zones Storage Policies
    description: >-
      Storage policy assignment represents the storage zone for items in a given
      enterprise.
    x-box-tag: storage_policies
  - name: Standard and Zones Storage Policy Assignments
    description: >-
      Storage policy assignment represents the relation between storage zone and
      the assigned item (for example a file stored in a specific zone).
    x-box-tag: storage_policy_assignments
  - name: Task assignments
    description: >-
      A task assignment defines which task is assigned to which user to
      complete.
    x-box-tag: task_assignments
  - name: Tasks
    description: >-
      Tasks allow users to request collaborators on a file to review a file or
      complete a piece of work. Tasks can be used by developers to create
      file-centric workflows.
    x-box-tag: tasks
  - name: Terms of service
    description: A set of endpoints used to manage terms of service agreements.
    x-box-tag: terms_of_services
  - name: Terms of service user statuses
    description: >-
      A set of endpoints used to manage the status of terms of service for a
      particular user.
    x-box-tag: terms_of_service_user_statuses
  - name: Transfer folders
    description: >-
      API designed to move all of the items (files, folders and workflows) owned
      by a user into another user's account.
    x-box-tag: transfer
  - name: Trashed files
    description: Files that were deleted and are in trash.
    x-box-tag: trashed_files
  - name: Trashed folders
    description: Folders that were deleted and are in trash.
    x-box-tag: trashed_folders
  - name: Trashed items
    description: Items that were deleted and are in trash.
    x-box-tag: trashed_items
  - name: Trashed web links
    description: Web links that were deleted and are in trash.
    x-box-tag: trashed_web_links
  - name: Uploads
    description: >-
      The direct file upload API supports files up to 50MB in size and sends all
      the binary data to the Box API in 1 API request.
    x-box-tag: uploads
  - name: Uploads (Chunked)
    description: >-
      The chunked upload endpoints support files from 20MB in size and allow an
      application to upload the file in parts, allowing for more control to
      catch any errors and retry parts individually.
    x-box-tag: chunked_uploads
  - name: User avatars
    description: >-
      User avatars are JPG or PNG files uploaded to Box to represent the user
      image. They are then displayed in the user account.
    x-box-tag: avatars
  - name: Users
    description: >-
      Box API supports a variety of users, ranging from real employees logging
      in with their Managed User account, to applications using App Users to
      drive powerful automation workflows.
    x-box-tag: users
  - name: Watermarks (Files)
    description: >-
      A watermark is a semi-transparent overlay on an embedded file preview that
      displays a viewer's email address or user ID and the time of access over
      the file.
    x-box-tag: file_watermarks
  - name: Watermarks (Folders)
    description: >-
      A watermark is a semi-transparent overlay on an embedded folder preview
      that displays a viewer's email address or user ID and the time of access
      over the folder content.
    x-box-tag: folder_watermarks
  - name: Web links
    description: >-
      Web links are objects that point to URLs. These objects are also known as
      bookmarks within the Box web application.
    x-box-tag: web_links
  - name: Webhooks
    description: >-
      Webhooks allow you to monitor Box content for events, and receive
      notifications to a URL of your choice when they occur. For example, a
      workflow may include waiting for a file to be downloaded to delete a
      shared link.
    x-box-tag: webhooks
  - name: Workflows
    description: >-
      Box Relay Workflows are objects that represent a named collection of
      flows.
    x-box-tag: workflows
  - name: Zip Downloads
    description: >-
      Zip downloads represent a successful request to create a ZIP archive with
      files and folders.
    x-box-tag: zip_downloads
externalDocs:
  description: Box Developer Documentation.
  url: https://developer.box.com
paths:
  /authorize:
    get:
      tags:
        - Authorization
      summary: Authorize user
      description: >-
        Authorize a user by sending them through the [Box](https://box.com)
        website and requesting their permission to act on their behalf.


        This is the first step when authenticating a user using OAuth 2.0. To
        request a user's authorization to use the Box APIs on their behalf, you
        will need to send the user to a URL with this format.
      operationId: get_authorize
      parameters:
        - name: response_type
          in: query
          description: The type of response we'd like to receive.
          required: true
          schema:
            type: string
            format: token
            enum:
              - code
          example: code
        - name: client_id
          in: query
          description: >-
            The Client ID of the application that is requesting to authenticate
            the user. To get the Client ID for your application, log in to your
            Box developer console and click the **Edit Application** link for
            the application you're working with. In the OAuth 2.0 Parameters
            section of the configuration page, find the item labelled
            `client_id`. The text of that item is your application's Client ID.
          required: true
          schema:
            type: string
          example: ly1nj6n11vionaie65emwzk575hnnmrk
        - name: redirect_uri
          in: query
          description: >-
            The URI to which Box redirects the browser after the user has
            granted or denied the application permission. This URI must match one of
            the redirect URIs in the configuration of your application. It must
            be a valid HTTPS URI and it needs to be able to handle the
            redirection to complete the next step in the OAuth 2.0 flow.
            Although this parameter is optional, it must be a part of the
            authorization URL if you configured multiple redirect URIs for the
            application in the developer console. A missing parameter causes a
            `redirect_uri_missing` error after the user grants application
            access.
          required: false
          schema:
            type: string
            format: url
          example: https://example.com/auth/callback
        - name: state
          in: query
          description: >-
            A custom string of your choice. Box will pass the same string to the
            redirect URL when authentication is complete. This parameter can be
            used to identify a user on redirect, as well as protect against
            hijacked sessions and other exploits.
          required: false
          schema:
            type: string
          example: my_state
        - name: scope
          in: query
          description: >-
            A space-separated list of application scopes you'd like to
            authenticate the user for. This defaults to all the scopes
            configured for the application in its configuration page.
          required: false
          schema:
            type: string
          example: admin_readwrite
      responses:
        '200':
          description: Does not return any data, but rather should be used in the browser.
          content:
            text/html:
              schema:
                type: string
                format: html
        default:
          description: Does not return any data, but rather should be used in the browser.
          content:
            text/html:
              schema:
                type: string
                format: html
      security: []
      servers:
        - url: https://account.box.com/api/oauth2
          description: Server for client-side authentication.
      x-codeSamples:
        - lang: curl
          label: Authorize user
          source: >-
            curl -i -X GET
            "https://account.box.com/api/oauth2/authorize?response_type=code&client_id=ly1nj6n11vionaie65emwzk575hnnmrk&redirect_uri=https://example.com/auth/callback"
        - lang: dotnet
          label: Authorize user
          source: >-
            using Box.Sdk.Gen;


            var config = new OAuthConfig(clientId: "YOUR_CLIENT_ID",
            clientSecret: "YOUR_CLIENT_SECRET");

            var auth = new BoxOAuth(config: config);


            // the URL to redirect the user to

            var authorizeUrl = auth.GetAuthorizeUrl();
        - lang: swift
          label: Authorize user
          source: |-
            do {
                // Initialize configuration with required clientId and clientSecret
                let config = OAuthConfig(clientId: "<<YOUR CLIENT ID HERE>>", clientSecret: "<<YOUR CLIENT SECRET HERE>>")
                // Initialize BoxOAuth with configuration
                let oauth = BoxOAuth(config: config)
                // Run login flow which opens a secure web view,
                // where users enter their login credentials to obtain an authorization code,
                // which is then exchanged for an access token.
                try await oauth.runLoginFlow(options: .init(), context: self)
                // Initialize BoxClient with already authorized OAuth
                let client = BoxClient(auth: oauth)

                // Use client to make API calls
                let folder = try await client.folders.getFolderById(folderId: "<<YOUR_FOLDER_ID>>")
            } catch {
                print("An error occurred: \(error)")
            }
        - lang: java
          label: Authorize user
          source: |-
            OAuthConfig config = new OAuthConfig("CLIENT_ID", "CLIENT_SECRET");
            BoxOAuth oauth = new BoxOAuth(config);
            // the URL to redirect the user to
            String authorizationUrl = oauth.getAuthorizeUrl();
        - lang: node
          label: Authorize user
          source: |-
            import { BoxOAuth, OAuthConfig } from 'box-node-sdk/box';

            const config = new OAuthConfig({
              clientId: 'OAUTH_CLIENT_ID',
              clientSecret: 'OAUTH_CLIENT_SECRET',
            });
            const oauth = new BoxOAuth({ config: config });

            // the URL to redirect the user to
            var authorize_url = oauth.getAuthorizeUrl();
        - lang: python
          label: Authorize user
          source: |-
            from box_sdk_gen import BoxOAuth, OAuthConfig

            auth = BoxOAuth(
                OAuthConfig(client_id="YOUR_CLIENT_ID", client_secret="YOUR_CLIENT_SECRET")
            )
            auth_url = auth.get_authorize_url()
components:
  securitySchemes:
    OAuth2Security:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://account.box.com/api/oauth2/authorize
          tokenUrl: https://api.box.com/oauth2/token
          scopes:
            root_readonly: Read all files and folders stored in Box
            root_readwrite: Read and write all files and folders stored in Box
            manage_app_users: Provision and manage app users
            manage_managed_users: Provision and manage managed users
            manage_groups: Manage an enterprise's groups
            manage_webhook: Create webhooks programmatically through the API
            manage_enterprise_properties: Manage enterprise properties
            manage_data_retention: Manage data retention policies
            manage_legal_hold: Manage Legal Holds

````
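
The `state` and `redirect_uri` parameters described in the spec above, as an added example that is not part of the Box documentation or SDKs: it builds the authorization URL with a random, single-use `state` and checks that value in constant time when Box redirects the browser back. The `session` dict, the function names, the placeholder client ID and the callback host are assumptions; the callback's `code` and `error` query parameters follow the OAuth 2.0 authorization-code flow (RFC 6749).

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorization endpoint taken from the spec above.
AUTHORIZE_ENDPOINT = "https://account.box.com/api/oauth2/authorize"


def build_authorize_url(client_id, redirect_uri, session, scope=None):
    """Return the URL to send the user to and store a fresh state in `session`.

    `session` is a hypothetical per-user, server-side session store (a dict here).
    """
    # The spec requires the redirect URI to be a valid HTTPS URI.
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must be an HTTPS URI")

    # Unpredictable value bound to this browser session.
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state

    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    }
    if scope:
        # Scopes are sent as one space-separated string.
        params["scope"] = " ".join(scope)
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def handle_callback(callback_url, session):
    """Return the authorization code from the redirect, or raise on any mismatch."""
    query = parse_qs(urlsplit(callback_url).query)

    # pop() makes the stored state single-use, so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    received = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(
        expected.encode(), received.encode()
    ):
        raise PermissionError("state missing or does not match this session")

    # Only look at the outcome once the response is tied to this session.
    if "error" in query:
        raise RuntimeError("authorization denied: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise RuntimeError("callback carried no authorization code")
    return code


if __name__ == "__main__":
    # Constructed values for illustration only.
    sess = {}
    url = build_authorize_url(
        "CLIENT_ID_PLACEHOLDER",
        "https://app.example.com/auth/callback",
        sess,
        scope=["root_readonly"],
    )
    print(url)
    redirect = "https://app.example.com/auth/callback?code=abc123&state=" + sess["oauth_state"]
    print(handle_callback(redirect, sess))
```
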