Hi @scotty321 ,
There is no way you’re going to get a bearer token directly. This is common practice in public API’s that enforce authentication and authorization, such as the Box Platform.
In order to get a bearer token you need to exchange your app credentials for the bearer token.
Since you’re using an API integrator like make, then the 2 convenient authentication methods applicable are the CCG (client credential grants) or the JWT (JSON web tokens) since these do not involve user interaction and http redirections.
Let’s take a look at CCG attribute you’ll need to get a bearer token:
You get these from the configuration page on your app:
You’ll also need:
- Box Subject Type - This can be
enterprise
or user
, depending if you’re trying to authenticate as a service account or a user account. Let’s assume enterprise for the moment.
- Box Subject ID - The id of the enterprise or the user.
To locate the enterprise id you navigate to the admin console, billing:
You will not have access to this if you are using a new(ish) box free account.
Make sure you re-authorize your app if any configuration changed. You do this on your developer console under the authorization tab for your app:
As as admin of you own developer account you then need to approve the submission. You do this under the Custom Apps Manager tab in the apps section on your admin console:
So far all of these steps are just to make sure your app is configured and authorized.
We are now ready to make a request to exchange the app credentials for a bearer token. You do this by hitting the request access token end point on the api: https://api.box.com/oauth2/token
, the parameters have to be form encoded. The cUrl command looks something like this:
curl --location 'https://api.box.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=h5...qi' \
--data-urlencode 'client_secret=Tqq...38' \
--data-urlencode 'box_subject_type=enterprise' \
--data-urlencode 'box_subject_id=877840855'
And the result is:
{
"access_token": "avu...bZI",
"expires_in": 4028,
"restricted_to": [],
"token_type": "bearer"
}
This bearer token has a life of approximately 1 hour (4028 seconds) and once it is about to expire you need to get a new one.
Again this is not specific with Box Platform, all API’s that enforce authentication will use a similar process, so it is very likely supported by Make.
I have never used Make, but from the link you shared it looks promising, especially the “Make a Client Certificate Auth request” and the “Make an API Key Auth request”. I’m not sure which one is applicable. I couldn’t get into the details ok Make.
Let us know if this helps.
Cheers
PS: I’ve just noticed that Make already has a Box Platform integration, check it out here.