Join BoxWorks 2024 to discover what's possible with content and AI!

Authorize user

get

https://account.box.com/api/oauth2

/authorize

Authorize a user by sending them through the Box website and request their permission to act on their behalf.

This is the first step when authenticating a user using OAuth 2.0. To request a user's authorization to use the Box APIs on their behalf you will need to send a user to the URL with this format.

Related Guides

Request

content-typeapplication/json

Query Parameters

client_id stringin queryrequired

examplely1nj6n11vionaie65emwzk575hnnmrk

The Client ID of the application that is requesting to authenticate the user. To get the Client ID for your application, log in to your Box developer console and click the Edit Application link for the application you're working with. In the OAuth 2.0 Parameters section of the configuration page, find the item labelled client_id. The text of that item is your application's Client ID.

redirect_uri string (url)in queryoptional

examplehttp://example.com/auth/callback

The URI to which Box redirects the browser after the user has granted or denied the application permission. This URI match one of the redirect URIs in the configuration of your application. It must be a valid HTTPS URI and it needs to be able to handle the redirection to complete the next step in the OAuth 2.0 flow. Although this parameter is optional, it must be a part of the authorization URL if you configured multiple redirect URIs for the application in the developer console. A missing parameter causes a redirect_uri_missing error after the user grants application access.

response_type string (token)in queryrequired

examplecode

The type of response we'd like to receive.

Value is always code

scope stringin queryoptional

exampleadmin_readwrite

A space-separated list of application scopes you'd like to authenticate the user for. This defaults to all the scopes configured for the application in its configuration page.

state stringin queryoptional

examplemy_state

A custom string of your choice. Box will pass the same string to the redirect URL when authentication is complete. This parameter can be used to identify a user on redirect, as well as protect against hijacked sessions and other exploits.

Response

200text/html

Does not return any data, but rather should be used in the browser.

defaulttext/html

Does not return any data, but rather should be used in the browser.

get

Authorize user

You can now try out some of our APIs live, right here in the documentation.

Request Example

cURL

curl -i -X GET "https://account.box.com/api/oauth2/authorize?response_type=code&client_id=ly1nj6n11vionaie65emwzk575hnnmrk&redirect_uri=http://example.com/auth/callback"

TypeScript Gen

const {
  BoxOAuth,
  OAuthConfig,
} = require('box-typescript-sdk-gen/lib/box/oauth.generated.js');

const config = new OAuthConfig({
  clientId: 'OAUTH_CLIENT_ID',
  clientSecret: 'OAUTH_CLIENT_SECRET',
});
const oauth = new BoxOAuth({ config: config });

// the URL to redirect the user to
var authorize_url = oauth.getAuthorizeUrl();

Python Gen

from box_sdk_gen import BoxOAuth, OAuthConfig

auth = BoxOAuth(
    OAuthConfig(client_id="YOUR_CLIENT_ID", client_secret="YOUR_CLIENT_SECRET")
)
auth_url = auth.get_authorize_url()

.NET Gen

using Box.Sdk.Gen;

var config = new OAuthConfig(clientId: "YOUR_CLIENT_ID", clientSecret: "YOUR_CLIENT_SECRET");
var auth = new BoxOAuth(config: config);

// the URL to redirect the user to
var authorizeUrl = auth.GetAuthorizeUrl();

Swift Gen (Beta)

do {
    // Initialize configuration with required clientId and clientSecret
    let config = OAuthConfig(clientId: "<<YOUR CLIENT ID HERE>>", clientSecret: "<<YOUR CLIENT SECRET HERE>>")
    // Initialize BoxOAuth with configuration
    let oauth = BoxOAuth(config: config)
    // Run login flow which opens a secure web view,
    // where users enter their login credentials to obtain an authorization code,
    // which is then exchanged for an access token.
    try await oauth.runLoginFlow(options: .init(), context: self)
    // Initialize BoxClient with already authorized OAuth
    let client = BoxClient(auth: oauth)

    // Use client to make API calls
    let folder = try await client.folders.getFolderById(folderId: "<<YOUR_FOLDER_ID>>")
} catch {
    print("An error occurred: \(error)")
}

Python

from boxsdk import OAuth2

oauth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    store_tokens=your_store_tokens_callback_method,
)

auth_url, csrf_token = oauth.get_authorization_url('http://YOUR_REDIRECT_URL')

# Redirect user to auth_url, where they will enter their Box credentials

Node

var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
	clientID: 'YOUR-CLIENT-ID',
	clientSecret: 'YOUR-CLIENT_SECRET'
});

// the URL to redirect the user to
var authorize_url = sdk.getAuthorizeURL({
	response_type: 'code'
});

iOS

import BoxSDK

let sdk = BoxSDK(clientId: "YOUR CLIENT ID HERE", clientSecret: "YOUR CLIENT SECRET HERE")
sdk.getOAuth2Client() { result in
    switch result {
    case let .success(client):
        // Use client to make API calls
    case let .failure(error):
        // Handle error creating client
    }
}