To authenticate to the Box API the Postman collection will use an AccessToken to identify you, the User to the API. Access tokens expire after 1hour and therefore need to be refreshed every hour.
Using a Refresh Token
If you set up your own Box App in step2 of the Postman QuickStart guide then your Box environment in Postman should include a validclient_id
and client_secret
. These client credentials and therefresh_token
can be used to create a new value for the access_token
.
To refresh the access token, select the Refresh access token API call withinthe Authorization folder of the Postman collection.
Next, click the Send button to request a new access_token
.
At the end of this API call, your environment should have a new access_token
and refresh_token
value, and you should be able to make any of the other APIcalls.
Refresh tokens are only valid once and need to be used within 60 days. If usedwithin 60 days, a new one is created together with a new access token and the60 day period starts again.
A refresh token expires if not used within 60 days, after which a new refresh tokenand access token need to be requested by going through the QuickStart guide again.
Automatically refreshing an access token
The Postman collection can automatically detect an expired access_token
valueand request a new one by using the refresh_token
. By default this feature isenabled but it can be turned off by setting the enable_auto_refresh_access_token
Postman environment variable to false
.
To set this value, click the edit button in the top right of your Box Postmanenvironment variables.
Find the row in the table for the enable_auto_refresh_access_token
variableand set the Current Value to true
. Next, click Update to save yourchanges.
From now on, any time you make any API call the Postman collection willcheck if your access_token
has expired and try to refresh it automaticallybefore making your desired API call.
Re-authenticating your Postman collection
In some cases you might need to re-authenticate your Postman collection by goingthrough the Quick Start guide again. A commonreason for this is because you haven't used the Postman collection in over 60days and your refresh_token
has expired.
To re-authenticate, first remove your old Box Postman environment. To do so,click the little gear icon in the top right and select your environment fromthe list.
Select Delete to delete the environment. Then, restart the Postman QuickStart guide again from the start.
When re-importing the Box Postman Collection for a second time the Postmanapp might ask you to import the new collection as a copy or replace the oldone. We recommend importing it as a copy in order to preserve any customconfiguration you might have made to any of the APIs.