Box.net authentication

 

 

An authorization token is required for every API call. For OpenBox Actions, you generally don't need to worry about auth tokens, since the URL's given to you by the Box Parameters generally have the auth tokens already specified in them. Auth tokens are useful only if you want to perform API methods on the file other than overwrite, copy, and share. Those three actions can be done with the pre-formed URL's given in Box Parameters. You can learn more about the other things you can do with a file and an auth token here.

 

There are two types of authentication tokens: user authentication tokens and file authentication tokens. User auth tokens are obtained through our traditional ticket authentication process, work for all files of a user and never expire. File auth tokens applies to OpenBox actions each time the action is executed on a specific file, work only for the specific file that the action was performed on, and expire after 24 hours.

 

To authenticate users please follow the following steps:

 

  1. Get a ticket calling get_ticket method.
  2. Redirect the user to www.box.net/api/1.0/auth/<ticket>.
  3. User authenticates on box.net.
    1. For desktop software, users will see a message that they can now proceed into the application.
        • The user can then press a button in the application to continue authentication, at which point the application can get the auth_token by calling the get_auth_token method, which will authenticate further requests.
    1. For web-based applications, the user will be redirected to a url provided in your application settings at enabled.box.net (Enabled is our old development site. We are in the process of moving the content to Box, but in the meantime if you want to use the redirection you will have to create a project of the same name on enabled.box.net in order to setup the redirect URL. This project will be connected to your service on OpenBox).
        • At the end of the url auth_token= will be appended after '&' or '?' mark depending on your redirect url.

After the user has authenticated, the next step depends on whether you're writing a web application or a desktop application.

 


Need additonal assistance? Please feel free to contact us.


Page Information

  • 3 months ago [history]
  • View page source
  • You're not logged in
  • No tags yet learn more

Wiki Information

Recent PBwiki Blog Posts