Existing applications and their access tokens will be removed on May 1, 2023. This includes access tokens that were created at https://accounts.boxc.com/applications.

BoxC is transitioning to a more secure and standardized format for granting authorization to applications and generating access tokens for the API. Starting May 1, 2023, in order to receive an access token a client must issue one for the authenticated user after they've granted authorization to the client. 

All users are allowed to create up to two OAuth 2.0 Clients in their account. You can learn more about the new authorization process by Setting up an OAuth 2.0 Client and Requesting Authorization From a BoxC Account for the first time.

This new process also allows clients to use BoxC as an Identity Provider by adjusting the permissions requested. Users can sign in to a client's application by authenticating with their BoxC account. This enables the application to retrieve some basic information about the user like their ID, email, name, and locality all without requiring permission to use the API.

Making requests to the API will only slightly change. You will still pass the access token into the request headers like below:

Authorization: Bearer {access_token}

But now there is an additional header that must be included:

X-BoxC-Client-Id: {client_id}

New clients are issued a unique Client ID. More information about interacting with the API can be found in the API Documentation.