After you have set up your application and you’re ready to work with our API, there are a of couple options to quickly test making some API calls and familiarize yourself with the Box response format.
One of the quickest ways to do this is by creating a token directly from the application set up interface. Under the “Configuration” tab there is a '“Developer Token” section which will allow you to grab a token that is authenticated to the developer account that you are currently logged into — note that this token is meant for spot testing, not for production use or longer term tests. Keep in mind that the token is valid for about an hour from being generated and the only way to refresh the token is by manually creating another one from the application interface.
Once you have a token, there are a number of options on how to make the first API call. Our API reference page provides you with examples of making the API calls using curl directly from your terminal as well as examples utilizing our SDKs. To make sure your application is set up correctly, the best API calls to make first is the one focused on getting the current user information as this will eliminate majority of the potential scope misconfigurations.
Before you set yourself up with one of our SDKs, there are some options for testing different API calls quickly. We provide a Postman Collection which is great for quickly spot checking specific calls and seeing what information they return. If you would prefer to work from the terminal, we also provide you a Box CLI tool.
While you are doing your initial testing, note that when you generate a token, it is a snapshot of what scopes the token has at that time. If you change any of the scopes in the application, they will not be automatically updated for the already existing tokens and you will need to generate a new one. Here are some additional details:
Developer Token — revoke the token and create a new one.
OAuth 2.0 with JWT — to update the scopes, you will need to reauthorize the JWT application in the enterprise to get approval of new scopes.
OAuth 2.0 User Authentication — you will have to go through the full OAuth process again and approve the new scopes at the user level. Note that your Access and Refresh token pair is always tied to the scopes that were used when the tokens are generated, so refreshing the tokens will not update the scopes.
For any questions, please contact our Partners team at firstname.lastname@example.org