V1 Authentication

OAuth: This document is maintained strictly for legacy purposes. Please use OAuth 2.0 for authentication in your application. We do not guarantee that v1 Auth will work with newer v2 APIs released after Dec 14 2012

The following walkthrough will show you how to authenticate through the V1 process and generate an auth_token for making V1 API calls

Get a Ticket

First, retrieve a ticket using your API key with the following call:

GET https://www.box.com/api/1.0/rest?action=get_ticket&api_key={YOUR API KEY}
api_key: The value of api_key can be the vlaue of your client_id.

You’ll receive an XML response like this:

<?xml version='1.0' encoding='UTF-8' ?>

Redirect the User to Box

The user will now need to authorize your application to access their account. Redirect them to the following URL using the ticket you received in the previous step:

https://www.box.com/api/1.0/auth/{YOUR TICKET}

The user will be directed to page such as this:


Handle the Response from Box

After the user authorizes your app, Box will make a GET request to the redirect URL you’ve specified in your application settings. For example, if your redirect URL is https://www.yourapp.com/box-response, Box will make this request:

https://www.yourapp.com/box-response?ticket={YOUR TICKET}&auth_token={AUTH TOKEN FOR THE USER}

You can then use the auth_token parameter to make V1 API calls.