App Tokens with SDKs

The official Box SDKs have built-in support for App Token authentication.

App Token authentication is designed for working directly with the Box API without requiring a user to redirect through Box to authorize your application, yet is restricted to the application's own data.

The method of authentication through JWT is inherently tied to the Service Account for the application. Any API call made with this token will seem to come from this application and will not have access to files and folders from other users without explicitly being granted access to them.


Before we can get started, you will need to have completed the following steps.

  • Create a Box Application within the developer console
  • Ensure the application is configured to use App Token authentication
  • Generate a primary and secondary App Token for the application and store the tokens somewhere in your code.

Initializing an SDK client

To initialize an SDK client for app token auth, ensure the SDK is installed and then configure the SDK as follows.

.NET

using Box.V2;
using Box.V2.Auth;
using Box.V2.Config;

var config = new BoxConfig("[CLIENT_ID]", "", new Uri("http://localhost"));
var session = new OAuthSession("[APP_TOKEN]", "N/A", 3600, "bearer");
var client = new BoxClient(config, session);

Java

import com.box.sdk.BoxTransactionalAPIConnection;

BoxTransactionalAPIConnection api = new BoxTransactionalAPIConnection("[APP_TOKEN]");

Python

from boxsdk import Client, OAuth2

# App Token auth has no client secret, so it is passed empty.
auth = OAuth2(client_id='[CLIENT_ID]', client_secret='', access_token='[APP_TOKEN]')
client = Client(auth)

Node

var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
    clientID: '[CLIENT_ID]',
    clientSecret: ''
});

var client = sdk.getBasicClient('[APP_TOKEN]');

With this the application should be able to make API calls to any of the endpoints enabled for App Token auth.
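As an added example (not from Box's documentation or SDKs), the Python code below reads the primary and secondary App Tokens from environment variables instead of source literals and falls back to the secondary when the API rejects the primary with HTTP 401. The variable names `BOX_APP_TOKEN_PRIMARY` and `BOX_APP_TOKEN_SECONDARY`, the helper names, and the caller-supplied `probe` call are assumptions of this example.

```python
import os

# Environment variable names are assumptions made for this example.
TOKEN_VARS = ("BOX_APP_TOKEN_PRIMARY", "BOX_APP_TOKEN_SECONDARY")

class AppTokenError(RuntimeError):
    """No configured App Token could be used."""

def load_app_tokens(env=None):
    """Return the configured App Tokens, primary first."""
    env = os.environ if env is None else env
    tokens = []
    for name in TOKEN_VARS:
        value = env.get(name, "").strip()
        # Ignore unset variables and unreplaced placeholders such as "[APP_TOKEN]".
        if value and not (value.startswith("[") and value.endswith("]")):
            tokens.append(value)
    if not tokens:
        raise AppTokenError("set " + " or ".join(TOKEN_VARS))
    return tokens

def build_client(token, client_id="[CLIENT_ID]"):
    """Build an SDK client from an App Token (requires the boxsdk package)."""
    from boxsdk import Client, OAuth2  # lazy import so token loading works without it
    return Client(OAuth2(client_id=client_id, client_secret="", access_token=token))

def connect_with_failover(tokens, probe, build=build_client):
    """Return (client, index) for the first token the API accepts.

    probe(client) is supplied by the caller and should call an endpoint
    enabled for App Token auth. HTTP 401 moves on to the next token;
    every other error is re-raised so outages are not mistaken for
    revoked tokens.
    """
    for index, token in enumerate(tokens):
        client = build(token)
        try:
            probe(client)
        except Exception as exc:
            # boxsdk's BoxAPIException exposes the HTTP code as .status
            if getattr(exc, "status", None) != 401:
                raise
            continue
        return client, index
    # Token values are deliberately kept out of the message.
    raise AppTokenError("all configured App Tokens were rejected")
```

An index of 1 in the result means the primary token was rejected and the secondary is in use, which is worth surfacing to whoever manages token rotation.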


