App Tokens with SDKs

App Tokens with SDKs

The official Box SDKs have build-in support for App Token authentication.

App Token authentication is designed for working directly with the Box API without requiring a user to redirect through Box to authorize your application, yet is restricted to the application's own data.

The method of authentication through JWT is inherently tied to the Service Account for the application. Any API call made with this token will seem to come from this application and will not have access to files and folders from other users without explicitly getting access them.

Prerequisites

Before we can get started, you will need to have completed the following steps.

  • Create a Box Application within the developer console
  • Ensure the application is configured to use App Token authentication
  • Generate a primary and secondary App Token for the application and store the tokens somewhere in your code.

Initializing an SDK client

To initialize an SDK client for app token auth, ensure the SDK is installed and then configure the SDK as follows.

.Net
var config = new BoxConfig("[CLIENT_ID]", "", new Uri("http://localhost"));
var session = new OAuthSession("[APP_TOKEN]", "N/A", 3600, "bearer");
var client = new BoxClient(config, session);
Java
BoxTransactionalAPIConnection api = new BoxTransactionalAPIConnection("[APP_TOKEN]");
Python
from boxsdk import Client, OAuth2

auth = OAuth2(access_token='[APP_TOKEN]')
client = Client(auth)
Node
var BoxSDK = require('box-node-sdk');
var sdk = new BoxSDK({
  clientID: '[CLIENT_ID]',
  clientSecret: ''
});

var client = sdk.getBasicClient('[APP_TOKEN]');

With this the application should be able to make API calls to any of the endpoints enabled for App Token auth.