Developer Tokens

Developer Tokens

A Developer Token is an Access Token available to developers during development and testing. These tokens are short lived, as they expire after 60 minutes, and cannot be refreshed programmatically.

Create Developer Token

To create a Developer Token for an application:

  • Navigate to the Box Developer Console and select the application to create a Developer Token for.
  • Select the Configuration tab.
  • Under Developer Token, select Generate Developer Token.

You can also generate a Developer Token directly from My Apps view, using the menu available for each app.

Generating a Developer Token

Using Developer Token

A Developer Token can be used like any Access Token in the Authorization header of an API call.

curl https://api.box.com/2.0/users/me \
    -H "authorization: Bearer [DEVELOPER_TOKEN]"

A Developer Token is associated with the the user that is logged in to the Developer Console when the token is generated.

Our SDKs can be initialized with a Developer Token to create a basic API client.

.NET
var config = new BoxConfigBuilder("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET", new Uri("http://localhost")).Build();
var session = new OAuthSession("YOUR_DEVELOPER_TOKEN", "N/A", 3600, "bearer");
var client = new BoxClient(config, session);
Java
BoxAPIConnection api = new BoxAPIConnection("YOUR-DEVELOPER-TOKEN");
Python
from boxsdk import Client, OAuth2

auth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    access_token='DEVELOPER_TOKEN_GOES_HERE',
)
client = Client(auth)
me = client.user().get()
print(f'My user ID is {me.id}')
Node
var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
	clientID: 'YOUR-CLIENT-ID',
	clientSecret: 'YOUR-CLIENT_SECRET'
});

var client = sdk.getBasicClient('YOUR-DEVELOPER-TOKEN');

Developer tokens should not be used in production environments

Developer Tokens should only be used for development or testing purposes.

When you explicitly revoke a developer token for a given app via the Developer console, all webhooks created by that application get deleted.

Using SDKs and Developer Tokens

To learn more about Developer Tokens for each SDK head over to: