Authentication with the Box API uses an Access Token to identify a user. The way in which an Access Token is acquired depends on the method used to authorize a user. The type of authorization available to an application depends on the use-case as well as the type of application that has been created in the developer console.
|Box Application Type||Authentication methods|
|Custom App||OAuth 2.0, JWT, or Client Credentials Grant|
|Limited Access App||App token|
|Custom Skill||No authentication method selection needed|
Learn how to select an authorization type
Access Tokens for Authentication
Every API endpoint requires a valid and active Access Token to make API calls. An Access Token is a unique string that identifies an authenticated Box user to the API endpoints.
curl https://api.box.com/2.0/users/me \ -H "authorization: Bearer EGmDmRVfhfHsqesn5yVYHAqUkD0dyDfk"
Learn more about Access Tokens