Hi Y’all,
I recently had several interactions with developers about the Box REST API and realized there are plenty developers out there that don’t know Box provides a collection for Postman and even less are aware of our advanced collection.
This takes them to a painful journey of creating a Postman collection manually, which between endpoints and methods is upwards of 150 entries.
The ones who are not aware of the advanced collection, inevitably tinker with the authorization and the pre-request script in order to get Postman to work with Box CCG and JWT application authorization.
Where to find the collections
All postman collections can be found at our public Postman page.
We essentially provide 2 different collections:
- Box Platform API - aka the classic collection, supports only OAuth with automatic refresh of the access token when it expires.
- Box Platform Advanced - supports all Box applications authentication modes (Developer, OAuth, CCG, and JWT) with automatic access token refresh, except for the developer token.
None of these collections use Postman native authentication methods. Both rely on pre-request scripts to check if the access token is still valid and automatically request a new one if necessary.
For each of these we also provide a Japanese version.
How to get started
Classic collections
You can manually fork and configure the authentication in Postman using an environment, just follow our guide.
However the easiest way is to follow our quick start guide. This guide will take you step by step through all the configurations, including:
- Install Postman
- Create and configure a Box application
- Fork the Postman collection
- Make an API call
This guide will also automatically configure a Postman environment with all settings necessary for the authentication to work.
If you are a visual learner, we have a video.
Advanced collections
For the advanced collections you can just navigate to our public workspace and fork them into your workspace.
Setting up the environments is not automatic, but you have greater control over the process, and to facilitate this process we’ve included an Utilities folder with some help methods, and instructions.
If you use OAuth, you’ll need to authorize the application first, and we also included instructions for this:
Collection updates
At Box we practice CI/CD, so the API specs are constantly being updated.
The best way to keep the collections updated is to check the “Watch original collection”, so that you get a notification when the collections are updated.
From there you can just “Pull changes”:
Did you notice that there is a new AI end point?
Classic vs Advanced: which one to choose?
Like most things in life it depends…
If you are getting started in exploring the Box API then go with the Classic flavor, just remember this only support OAuth.
If you need to connect using multiple applications with any authentication (OAuth, CCG, and JWT), using multiple users and service accounts, then the advanced collection is for you.
You can have any number of environments and quickly switch between them, not getting bogged down by the authentication modes. It just works.
Both collection have exactly the same API endpoints.
I hope this sheds some light on how we organize our Postman collections.
Let us know if you have questions.