Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get an access token without Box’s authorization page

Tags:

box-api

I have been granted access(collaborate) in a folder. What I need is to access the folder daily and fetch files from it. Right now the developer token I generate expires in 1 hour. Is there a way I can get the authorization code without the first leg, which requires a user interface. This way I can refresh the access toke whenever I fetch files.

like image 925
xiao Avatar asked Feb 06 '14 20:02

xiao

2 Answers

You should be able to refresh the token without getting an authorization code. When the access token is sent back, a refresh token is also issued to you.

{
    "access_token": "T9cE5asGnuyYCCqIZFoWjFHvNbvVqHjl",
    "expires_in": 3600,
    "restricted_to": [],
    "token_type": "bearer",
    "refresh_token": "J7rxTiWOHMoSC1isKZKBZWizoRXjkQzig5C6jFgCVJ9bUnsUfGMinKBDLZWP9BgR"
}

You should store this refresh token somewhere secure (keychain, encrypted datastore, something similar) and use it to refresh the session when it expires.

You can tell the session is expired when you receive a 401 Unauthorized response from Box for any API request AND you see a WWW-Authenticate header with the value Bearer realm=.

The flow should look something like:

1) Log into Box and get an authorization code

2) Exchange the authorization code for an ACCESS TOKEN and REFRESH TOKEN pair (this only needs to be done once!)

3) Store the refresh token

4) Begin making requests with the API

5) When a 401 Unauthorized is received with a WWW-Authenticate header in an API response, issue a www-form-urlencoded POST request to Box like this:

curl https://www.box.com/api/oauth2/token \ -d 'grant_type=refresh_token&refresh_token={valid refresh token}&client_id={your_client_id}&client_secret={your_client_secret}' \ -X POST

If successful, you'll be issued a NEW access token AND refresh token pair. Store the new refresh token, swap out the old access token for the new one, and resume your API calls from your previous failed call.

Hope that helps!

like image 125
Skippy Ta Avatar answered Oct 26 '22 22:10

Skippy Ta

Found a nice package which answers my question. :) https://github.com/sookasa/box.py

like image 23
xiao Avatar answered Oct 26 '22 23:10

xiao
Sign in to Comment

Related questions

Using the new OAuth 2 in Box
Downloading file though Box API 2.0 giving 200 as response instead of 302 found
Upload file with Box.com PHP API
Get non expiring Access Token from Box or Get access token from box by passing UserName and Password.?
Box.com Search API to retrieve all files in a determined folder
Authentication to Box in a C# desktop application using the Box Windows SDK v2 library
Best way to upload files to Box.com programmatically
Working with the Box.com SDK for Python
OAuth2 refresh token only valid for 14 days
Is there any easy way to get folderID based on a given path?
Gradle release build with proguard: java.lang.IncompatibleClassChangeError and java.lang.NoSuchMethodError
OAuth2 returns invalid_client error
Upload file using python requests
Upload a file to Box.com using Powershell
BOX v2 API for overwriting a file or checking one exists before trying to upload
Where can I find my Enterprise ID for Box API?
how can i upload a file using PHP
iOS BoxSDK returning nil for sharedLink

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!