GetOAuthAccessToken
Retrieves an OAuth access token from Box to authenticate API requests.
Input
| Name | Type | Description |
| AuthMode | String | Specifies the authentication flow to use. Choose 'App' to retrieve tokens via a desktop app flow, or 'Web' to retrieve tokens via a web application flow.
The allowed values are APP, WEB. The default value is WEB. |
| CallbackUrl | String | The redirect URL where the user is sent after authorizing your application. This must exactly match the Redirect URL configured in your Box app settings. Required only when using AuthMode=Web. |
| Scope | String | A space- or comma-separated list of permissions (scopes) that define the level of access requested. Refer to the Box API documentation for available scopes. |
| Verifier | String | The authorization verifier returned by Box after the user grants access to your app. It is included as a parameter in the redirect CallbackUrl and is required to complete the token exchange. |
| State | String | An optional string used to maintain state between the request and callback. The same value sent is returned by Box, allowing use cases such as redirecting the user to a specific resource, mitigating CSRF, or including a nonce for security. |
| GrantType | String | Determines how to retrieve the access token.
The allowed values are CODE, CLIENT. The default value is CODE. |
Result Set Columns
| Name | Type | Description |
| OAuthAccessToken | String | The short-lived access token returned from Box, used to authenticate API requests. |
| OAuthRefreshToken | String | The refresh token that can be used to obtain new access tokens when the current one expires. In Box, this value may be the same as the access token. |
| ExpiresIn | String | The lifetime of the access token in seconds. A value of -1 indicates the token does not expire. |