Developer Tokens

Developer Tokens

A Developer Token is an Access Token available to developers during development and testing. These tokens are short lived as they expire after 60 minutes and can not be refreshed automatically.

Developer tokens are always authenticated as the developer's user account, not any other user. This is different from most of the other authentication methods.

Create Developer Token

To create a Developer Token for an application:

  • Go to the Box developer console and select the application to create a Developer Token for.
  • From the sidebar select "Configuration".
  • In the "Developer Token" section select "Generate Developer Token".

Using Developer Token

A Developer Token can be used like any Access Token in the Authorization header of an API call.

curl https://api.box.com/2.0/users/me \
  -H "authorization: Bearer [DEVELOPER_TOKEN]"

Please be aware that the developer token is associated to the user (developer) that was logged in to the developer console when the token was created.

Most of our SDKs can be initialized with a Developer Token as well to create a basic API client.

.NET
var config = new BoxConfig("YOUR_CLIENT_ID", "YOUR_CLIENT_SECRET", new Uri("http://localhost"));
var session = new OAuthSession("YOUR_DEVELOPER_TOKEN", "N/A", 3600, "bearer");
var client = new BoxClient(config, session);
Java
BoxAPIConnection api = new BoxAPIConnection("YOUR-DEVELOPER-TOKEN");
Python
from boxsdk import Client, OAuth2

auth = OAuth2(
    client_id='YOUR_CLIENT_ID',
    client_secret='YOUR_CLIENT_SECRET',
    access_token='DEVELOPER_TOKEN_GOES_HERE',
)
client = Client(auth)
me = client.user().get()
print('My user ID is {0}'.format(me.id))
Node
var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
	clientID: 'YOUR-CLIENT-ID',
	clientSecret: 'YOUR-CLIENT_SECRET'
});

var client = sdk.getBasicClient('YOUR-DEVELOPER-TOKEN');

Developer tokens should not be used in production environments

The Developer Token should only be used for development and testing purposes. As tokens automatically expire and can not be refreshed automatically they are of limited use in a production environment.