Share
Box held one of our periodic internal Hackathons in early December. I built developer tokens for my winning hack.
The complexity of implementing OAuth2 was frustrating many of our customers and partners starting to build on the Content API. Security requires care, and while we do our best to make sure it is as simple as possible to sign into services and applications that bring your Box account extra features, the OAuth2 process is not trivial to implement.
I'm proud to introduce my newly public Hackathon project: Developer Tokens.
Developer Tokens are tokens that behave just like a full OAuth2 bearer token. They give you access to your account on a temporary basis so you can get started quickly. The power of the Developer token is that it requires almost no work on your part to get one.
When you create an application on the Box Developer website, just go into the application management page. That's the page where you can modify basic things about your application, like the name, icon, or description. You can now just click on a simple button to get a developer token. That button generates a valid OAuth2 token with access to your own Box account, with a scope granted to your app. You do not have to enter your account password or go through a login flow. You do not have to make any API calls, or redirect a user to a URL, and you do not have to catch any http responses coming from the Box servers. Simply click the button in the application admin console, and we'll give you the token for your account.
Limitations:
- The tokens expire (currently after 1 hour)
- The tokens are only valid for your own account (so you can't use them to test other people using your app)
- There is no refresh token paired with the token
