We know that BOX API v1 can get a permanent auth_token, but BOX API v2 which use Oauthv2 does not, and it only valid for 1hour for the access_token and 14days for the refresh_token(afaik).
I have this application that a single form-owner integrates with BOX.
For example I have a form created that every submission will be uploaded to BOX( of course this will be set up, and it uses BOX API v1 )
Users that will submit the form will use the access_token created by the form owner.
We don't know if what time the next submission is. So by that time, the access_token might get expire or the refresh_token as well.
Can anyone enlighten me, how to refresh the token? on each user submission? or what?
BOX API v1 is no problem here, it works perfectly but because API v1 is going to die on Dec, I have to plan now to convert it to v2, but Box api v2 has a token expiration.
Thanks
I had a similar problem and the solution I got was
To write a schedule task or corn job which will
Always keep the refresh and access token alive
Create a backed task which will run say every
13 th day and use the preexisting refresh token
To get a new refresh token
Related
I got stock on how to get token. Pls do you have any tutorial on how to get refresh token? Thanks!I currently know how to show a model in a viewer, however, the token will be expire every 2 hours. It is frustrated for me to search online for how to get token. Pls could u help me on this? Thanks!
These two articles should be of help.
About Refresh Token
Landing your Forge OAuth authentication workflow
When requesting an access_token you'll also get back a refresh token that will enable you to get a new access_token without the user having to log in again.
Depending on which programming language and environment you are using you can also use our SDK's to make your life easier.
E.g. in case of Node.js you can just npm install our forge-api package that will have the necessary functions to request an access_token
The steps are:
1) Redirect the user to the Autodesk log-in page (change both the client_id and redirect_uri to match the values that is used by your registered Forge application):
https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=xxx&redirect_uri=xxx&scope=data:read
2) Implement in your application the endpoint that you specified for your Forge application's redirect_uri
3) Using the token you got back above request an access_token
https://developer.api.autodesk.com/authentication/v1/gettoken
4) When you need a new access_token you can use the refresh_token that the gettoken endpoint also returned: https://developer.api.autodesk.com/authentication/v1/refreshtoken
I am constructing a web app in Google Apps Script that updates a card in Trello when a checkbox is checked on a different card. My question is, if along with this functionality, I also wanted to construct a new card with a checkbox that performs the same function, is this possible with Google Apps Script? This would require (I think) registering a new webhook dynamically to the new card.
Currently I am using http://www.littlebluemonkey.com/blog/pimp-your-trello-cards as a tutorial. He states this cannot be done as the web app must be deployed with the settings of:
Execute the app as: User accessing the web app
Who has access to the app: Anyone
to register the webhooks because Trello sends back a HEAD request to complete the handshake. And the app must be updated as:
Execute the app as: Me
Who has access to the app: Anyone, even anonymous
to receive POST responses from the webhooks. If this is the case then I don't think I can do what I want as I need to toggle the permissions each time the webhooks are registered. I have attempted using each set of permissions for both registering the webhooks and receiving the POST responses but either the hooks will not register or the responses will not be received.
You can not change the permissions of Google Apps Script programmatically.
[Alternative solutions]
If idModel of webhook is set to idMember instead of card id, all actions can be received comprehensively. You can combine Label and action type to create the function you want.
Use a Google Cloud Functions (GCF) paid plan.
GCF can use res.status (200) so you do not need to change permissions.
GCF Spark Plan (Free Plan)'s outbound networking
is restricted to Google services only. That is, you can receive Webhook from Trello but can not send a request to Trello.
In case of Flame Plan ($ 25 / month), you can receive a webhook and set a webhook on another card with one function.
If you do not use webhook any more with the registered card, there is a way to update idModel with the id of the next card.
I'm developing a google connector (for google search appliance), and I need to do the authentication to box.com but without having to do the login, and allow pages. Perhaps is a duplicate to: Box API Login issue
There is a way to achieve this. You will have to retrieve your token using the OAuth2 flow the first time. Then you will need to store the access token in your database along with it's refresh token. The Access token expires in 1 hour. The refresh token expires in 14 days. You can use the refresh token to get a new access token every time you need to make a request bypassing the user authentication flow. You will just need to make sure, your refresh token is used within 14 days. You are better off setting a cron that refreshes your tokens.
I've built this in my application so just build this out and your app will work well.
I hope this helps.
The Box API is currently only accessible after authenticating a user through OAuth 2
Either I'm dense, or the docs assume I already know what they're telling me, but I need some clarification on doing authentication for a box.com app. I really don't understand whate's going on. As I read it:
the app running on the user's machine sends a request to Box, including all the little secrets (Which aren't all that secret any more if the user knows how to read the code).
The user is directed to the Box login page, which then sends the user to my server (with no page specified) attaching an authentication code.
The app somehow magically gets that code back from my server and sends a request to Box for the access token.
Box sends the access token to my server?
The app again magically gets the access token from my server and sends its APT requests.
Obviously I got lost somewhere.
And, why do I have to have a server involved in the process? The article on making a JavaScript app refers to a direct request for a token. Is there documentation on that somewhere?
You register your application on Box
After registration you receive clientId and clientSecret once on Box website
You hardcode your credentials somewhere in your application
First time your application needs to access Box API it should redirect user to https://www.box.com/api/oauth2/authorize, specifying your clientId, clientSecret and redirectURI as parameters. About redirectURI see below.
The box.com website opens. User enters his own credentials in the web form on box.com
User allows your application to access his files via API on the box.com website
Box redirects user back to you application using redirectURI specified before. One of the parameters to this request is "code". This is a very short-lived (30 seconds) access code that is only aligable for obtaining real access token.
During next 30 seconds your application should make another call to Box API to next URL: https://www.box.com/api/oauth2/token, specifying the previously obtained code. If everything was correct, your application receives an access_token, a refresh_token and "expires" values.
Now your application can make requests to Box API, specifying access_token every time
access_token expires in number of seconds, specified in "expires" field. It should be about 3600 seconds or 1 hour. Each time your application sees that access_token has expired, it should make another request to Box with the refresh_token and obtain a fresh access_token for another 1 hour.
refresh_token itself expires in 14 days
Note: if you develop a desktop application, then you should open browser for user on the step 4, redirectURI should be something like http://127.0.0.1:8080/Callback and you should run a small webserver just to catch the redirect with the code as in step 7.
Box requires that you specify a redirect_uri in your application's profile, and it must be an HTTPS URL.
As a result, it is not possible to use box with what google's oauth2 documentation calls "Client Side" or "Installed" applications, only "Web Server Applications" are allowed. Web Server applications do not have the secret leaking problem, because only the server knows the secret. You can pass the access token from your server to javascript on the client after
the oauth transaction is complete, if you want the client to make api requests directly.
In your question you are not totally clear in what you are actually trying to produce.
I however suspect that you are trying to write a client application what needs to authenticate to box using the OAUTH2 solution they have delivered in API V2.
If this is for an IPhone for example BOX has a great example of how to handle it.
In a WinForm application you would need to capture the resulting code sent back by box in the browser1.isnavigating event.
Windows console application you register a custom URI registration to collect the code.
Neither of these need to be registered in the API developers Application on box as you would pass the redirect required in the request to box.
If this does not point you in the right direction and your writing a .NET app then post again and I will try to clarify a little more.
Box requires some form user interaction which is short sighted in my opinion but try a web service that simulates a user interaction which then you can save/pass the token to your application to sync up with the Box "Cloud".
I know the steps to authenticate user and getting the user info after performing this call:
GET https://www.box.com/api/1.0/rest?action=get_auth_token&api_key={your api key}&ticket={your ticket}
But what I'm really looking for is to get user info after performing certain operation such as upload new file, in particular the user quota:
<space_amount>1234567</space_amount>
<space_used>1234</space_used>
Is there any way to get the latest user quota without calling the 'get_auth_token' again? As I understand it, 'get_auth_token' will generate new auth_token which I'd like to avoid.
There isn't yet a fully equivalent method in the v2 API. but you can utilize the get_account_info method from the v1 API to retrieve this information.