Server Side Authentication

New post


1 comment

  • Kourtney


    JWT is able to support all functionality, even listing. It's hard to say what's going on without more information. However, I will note that we do not allow long lived tokens for security reasons. Access tokens expire after 60 minutes and then must be refreshed using a refresh token. This can be done programmatically and is already built into our SDKs. The ability an access token possess is comprised of the selected scopes + application access + user permissions. 

    If you're comfortable providing information here, I can try to take a look, but will need the following:

    • API key (aka client id)  of your application 
    • Example date/time/timezone you received the 405 
    • Call you made when you received the 405 
    • Full body response of the 405 

    Otherwise, you'll need to login to a paid Box account and submit a support ticket with the information above for further investigation by our support team. 


    Kourtney, Box Developer Advocate

    Comment actions Permalink

Please sign in to leave a comment.