At the core of every Box API call is an Access Token.
As with the Box Web App, you will only be able to successfully interact
with content that the user associated with the Access Token either owns or is
a collaborator on. This can be further restricted by a token.
Required access scopes, application access, enabled advanced settings, user
permissions, and endpoint-specific restrictions all work together to determine
which API calls will be successful. For example, even if a user has
collaborator access to a folder, a call to get information about the folder
will not be successful if the read scope is not granted to the application.
Types of tokens
| Type | Duration |
|---|---|
| | 60 minutes |
| | 60 days or one use |
| | 60 minutes |
Application Types & Access Tokens
The following shows how each application type is expected to create an Access
Token.
| Box Application Type | How to get Access Token |
|---|---|
| Platform App + OAuth 2.0 | |
| Platform App + JWT | |
| Platform App + Client Credentials Grant | |