Hello,
I am currently developing an external system integration that retrieves data from Box via API.
For this integration, we need to use an access token. However, the default access token expiration time is 1 hour, and refreshing the token every hour is not operationally practical for our use case.
I would like to ask the following:
-
Is it possible to extend the expiration time of an access token beyond the default 1 hour?
-
In the documentation below, it appears that “Access Token Expiry” can be configured:
https://developer.box.com/guides/authentication/app-token/app-token-setup#primary-and-secondary-app-tokens
Could you clarify how to modify the expiration time and whether there are any limitations?
Additionally, regarding Limited Access Apps:
The documentation recommends using a Limited Access App, but I am unable to create one in my Developer Console.
-
Is the creation of a Limited Access App restricted to Box Enterprise accounts?
-
If I am using a non-enterprise developer account, is there any alternative approach to achieve similar functionality?
For long-running external API integrations, what authentication method does Box recommend (e.g., OAuth 2.0 with refresh tokens, JWT, App Token, etc.)?
We would greatly appreciate your guidance on the recommended best practice for stable, long-term API integrations.
Thank you very much.