Box Developer Documentation
Latest version

Refresh access token

post
https://api.box.com
/oauth2/token

Refresh an Access Token using its client ID, secret, and refresh token.

Request

application/x-www-form-urlencoded

Request Body

stringin bodyrequired
"ly1nj6n11vionaie65emwzk575hnnmrk"

The client ID of the application requesting to refresh the token.

stringin bodyrequired
"hOzsTeFlT6ko0dme22uGbQal04SBPYc1"

The client secret of the application requesting to refresh the token.

string (urn)in bodyrequired
"refresh_token"

The type of request being made, in this case a refresh request.

Value is always refresh_token

string (token)in bodyrequired
"c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ"

The refresh token to refresh.

Response

application/jsonAccess token

Returns a new Access Token that can be used to make authenticated API calls by passing along the token in a authorization header as follows Authorization: Bearer <Token>.

application/jsonOAuth 2.0 error

An authentication error.

application/jsonOAuth 2.0 error

An authentication error.

post
Refresh access token
You can now try out some of our APIs live, right here in the documentation.
Log in

Request Example

cURL
curl -i -X POST "https://api.box.com/oauth2/token" \
     -H "content-type: application/x-www-form-urlencoded" \
     -d "client_id=[CLIENT_ID]" \
     -d "client_secret=[CLIENT_SECRET]" \
     -d "refresh_token=[REFRESH_TOKEN]" \
     -d "grant_type=refresh_token"

Response Example

{
  "access_token": "c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ",
  "expires_in": 3600,
  "issued_token_type": "urn:ietf:params:oauth:token-type:access_token",
  "refresh_token": "c3FIOG9vSGV4VHo4QzAyg5T1JvNnJoZ3ExaVNyQWw6WjRsanRKZG5lQk9qUE1BVQ",
  "restricted_to": [
    {
      "object": {
        "etag": "1",
        "id": "12345",
        "type": "folder",
        "name": "Contracts",
        "sequence_id": "3"
      },
      "scope": "item_download"
    }
  ],
  "token_type": "bearer"
}