This site has updated in the backgroundRefreshx
Box Developer Documentation Portalnew
BlogForumFeedback
Manage Applications

    Authorize a user

    get
    https://account.box.com/api/oauth2
    /authorize

    Authorize a user by sending them through the Box website and request their permission to act on their behalf.

    This is the first step when authenticating a user using OAuth 2.0. To request a user's authorization to use the Box APIs on their behalf you will need to send a user to the URL with this format.

    Request

    application/json

    Query Parameters

    stringin queryrequired
    ly1nj6n11vionaie65emwzk575hnnmrk

    The Client ID of the application that is requesting to authenticate the user. To get the Client ID for your application, log in to your Box developer console and click the Edit Application link for the application you're working with. In the OAuth2 Parameters section of the configuration page, find the item labeled client_id. The text of that item is your application's Client ID.

    string / urlin queryrequired
    http://example.com/auth/callback

    The URL to which Box redirects the browser after the user has granted or rejected the application permission. This URL must match the redirect URL in the configuration of your application. It must be a valid HTTPS URL and it needs to be able to handle the redirection to complete the next step in the OAuth2 flow.

    string / tokenin queryrequired
    5idyGSFuf54zrvKm

    Value is always "code"

    stringin queryoptional
    admin_readwrite

    A comma-separated list of application scopes you'd like to authenticate the user for. This defaults to all the scopes configured for the application in its configuration page.

    stringin queryoptional
    my_state

    A custom string of your choice. Box will pass the same string to the redirect URL when authentication is complete. This parameter can be used to identify a user on redirect, as well as protect against hijacked sessions and other attacks.

    Response

    text/html

    Does not return any data, but rather should be used in the browser.

    You can now try out some of our APIs live, right here in the documentation.
    Log In

    Request Example

    curl -X GET https://account.box.com/api/oauth2/authorize?response_type=5idyGSFuf54zrvKmclient_id=ly1nj6n11vionaie65emwzk575hnnmrkredirect_uri=http://example.com/auth/callback
    var config = new BoxConfig("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET", new Uri("http://localhost"));
    var session = new OAuthSession("YOUR_DEVELOPER_TOKEN", "N/A", 3600, "bearer");
    var client = new BoxClient(config, session);
    BoxAPIConnection api = new BoxAPIConnection("YOUR-DEVELOPER-TOKEN");
    from boxsdk import OAuth2
    
    oauth = OAuth2(
        client_id='YOUR_CLIENT_ID',
        client_secret='YOUR_CLIENT_SECRET',
        store_tokens=your_store_tokens_callback_method,
    )
    
    auth_url, csrf_token = oauth.get_authorization_url('http://YOUR_REDIRECT_URL')
    
    # Redirect user to auth_url, where they will enter their Box credentials
    var BoxSDK = require('box-node-sdk');
    var sdk = new BoxSDK({
    	clientID: 'YOUR-CLIENT-ID',
    	clientSecret: 'YOUR-CLIENT_SECRET'
    });
    
    // the URL to redirect the user to
    var authorize_url = BoxSDK.getAuthorizeURL({
    	response_type: 'code'
    });