AI
App item associations
Authorization
- Resources
  - Access token
  - OAuth 2.0 error
- Endpoints
Box Sign requests
Box Sign templates
Classifications
Classifications on files
Classifications on folders
Collaborations
Collaborations (List)
Collections
Comments
Device pinners
Doc Gen
Doc Gen templates
Domain restrictions (User exemptions)
Domain restrictions for collaborations
Downloads
Email aliases
Events
File requests
File version legal holds
File version retentions
File versions
Files
Folder Locks
Folders
Group memberships
Groups
Integration mappings
Invites
Legal hold policies
Legal hold policy assignments
Metadata cascade policies
Metadata instances (Files)
Metadata instances (Folders)
Metadata templates
Recent items
Retention policies
Retention policy assignments
Search
Session termination
Shared links (Files)
Shared links (Folders)
Shared links (Web Links)
Shield information barrier reports
Shield information barrier segment members
Shield information barrier segment restrictions
Shield information barrier segments
Shield information barriers
Skills
Standard and Zones Storage Policies
Standard and Zones Storage Policy Assignments
Task assignments
Tasks
Terms of service
Terms of service user statuses
Transfer folders
Trashed files
Trashed folders
Trashed items
Trashed web links
Uploads
Uploads (Chunked)
User avatars
Users
Watermarks (Files)
Watermarks (Folders)
Web links
Webhooks
Workflows
Zip Downloads
Resources

Latest version

Refresh access token

post

https://api.box.com

/oauth2/token

This endpoint is in the version 2024.0. No changes are required to continue using it. For more details, see Box API versioning.

Refresh an Access Token using its client ID, secret, and refresh token.

Request

content-typeapplication/x-www-form-urlencoded

Request Body

client_id stringin bodyrequired

example"ly1nj6n11vionaie65emwzk575hnnmrk"

The client ID of the application requesting to refresh the token.

client_secret stringin bodyrequired

example"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

The client secret of the application requesting to refresh the token.

grant_type string (urn)in bodyrequired

example"refresh_token"

The type of request being made, in this case a refresh request.

Value is always refresh_token

refresh_token string (token)in bodyrequired

example"c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ"

The refresh token to refresh.

Response

200application/jsonAccess token

Returns a new Access Token that can be used to make authenticated API calls by passing along the token in a authorization header as follows Authorization: Bearer <Token>.

400application/jsonOAuth 2.0 error

An authentication error.

defaultapplication/jsonOAuth 2.0 error

An authentication error.

post

Refresh access token

You can now try out some of our APIs live, right here in the documentation.

Request Example

cURL

curl -i -X POST "https://api.box.com/oauth2/token" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "refresh_token=[REFRESH_TOKEN]" \
     -d "grant_type=refresh_token"

TypeScript Gen

await auth.refreshToken();

Python Gen

auth.refresh_token()

.NET Gen

await auth.RefreshTokenAsync();

Swift Gen (Beta)

try await auth.refreshToken();

Response Example

{
  "access_token": "c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ",
  "expires_in": 3600,
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "refresh_token": "c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ",
  "restricted_to": [
    {
      "object": {
        "etag": "1",
        "id": "12345",
        "type": "folder",
        "name": "Contracts",
        "sequence_id": "3"
      },
      "scope": "item_download"
    }
  ],
  "token_type": "bearer"
}

Resources

Endpoints

Refresh access token

Request Body