POST /oauth2/token#refresh
cURL
curl -i -X POST "https://api.box.com/oauth2/token" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "refresh_token=[REFRESH_TOKEN]" \
     -d "grant_type=refresh_token"
{
  "access_token": "c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ",
  "expires_in": 3600,
  "token_type": "bearer",
  "restricted_to": [
    {
      "scope": "item_download",
      "object": {
        "id": "12345",
        "type": "folder",
        "etag": "1",
        "sequence_id": "3",
        "name": "Contracts"
      }
    }
  ],
  "refresh_token": "c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ",
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token"
}
This endpoint is in version 2024.0. No changes are required to continue using it. For more details, see Box API versioning. Learn more about Box SDK versioning strategy.

Body

application/x-www-form-urlencoded

A request to refresh an Access Token. Use this API to refresh an expired Access Token using a valid Refresh Token.

grant_type
enum<string>
required

The type of request being made, in this case a refresh request.

Available options:
refresh_token
Example:

"refresh_token"

client_id
string
required

The client ID of the application requesting to refresh the token.

Example:

"ly1nj6n11vionaie65emwzk575hnnmrk"

client_secret
string
required

The client secret of the application requesting to refresh the token.

Example:

"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

refresh_token
string<token>
required

The refresh token to refresh.

Example:

"c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ"

Response

Returns a new Access Token that can be used to make authenticated API calls by passing the token in an authorization header as follows: Authorization: Bearer <Token>.

A token that can be used to make authenticated API calls.

access_token
string<token>

The requested access token.

Example:

"c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ"

expires_in
integer<int64>

The time in seconds until this token expires.

Example:

3600

token_type
enum<string>

The type of access token returned.

Available options:
bearer
Example:

"bearer"

restricted_to
Resource scope · object[]

The permissions that this access token grants, given as a list of resources (files, folders, etc.) and the scopes permitted for each of those resources.

refresh_token
string<token>

The refresh token for this access token, which can be used to request a new access token when the current one expires.

Example:

"c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ"

issued_token_type
enum<string>

The type of downscoped access token returned. This is only returned if an access token has been downscoped.

Available options:
urn:ietf:params:oauth:token-type:access_token
Example:

"urn:ietf:params:oauth:token-type:access_token"
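
A client-side sketch of the refresh exchange documented above, added here as an example and not taken from Box's documentation or SDKs: it builds the form-encoded request with the secret in the body, validates the documented response fields, and produces a log-safe copy of the result. The function names, the 60-second expiry margin and the sample response values are assumptions constructed for illustration.

```python
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.box.com/oauth2/token"  # endpoint shown on this page
# Constructed sample response with the documented fields (not real tokens).
SAMPLE_RESPONSE = {"access_token": "AT-constructed-example", "expires_in": 3600,
                   "token_type": "bearer", "refresh_token": "RT-constructed-example"}


def build_refresh_request(client_id, client_secret, refresh_token):
    """Build (without sending) the POST; credentials go in the body, never the URL."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(payload, now=None):
    """Check the documented fields and return the token set a client should store."""
    now = time.time() if now is None else now
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    for field in ("access_token", "refresh_token"):
        if not isinstance(payload.get(field), str) or not payload[field]:
            raise ValueError("missing " + field)
    expires_in = payload.get("expires_in")
    if type(expires_in) is not int or expires_in <= 0:
        raise ValueError("bad expires_in")
    return {
        "access_token": payload["access_token"],
        # Store the refresh token from the response in place of the one sent.
        "refresh_token": payload["refresh_token"],
        "expires_at": now + expires_in - 60,  # assumed 60 s safety margin
        "restricted_to": payload.get("restricted_to", []),
    }


def redact(token_set):
    """Return a copy safe for logs: token values replaced by their length."""
    return {k: ("<redacted:%d>" % len(v) if k.endswith("_token") else v)
            for k, v in token_set.items()}


def authorization_header(token_set):
    """Header form given in the Response section."""
    return {"Authorization": "Bearer " + token_set["access_token"]}
```

Log `redact(token_set)` rather than the raw response, and keep the stored refresh token and client secret out of source control and URLs.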