Box · OAuth Scopes

Box OAuth Scopes

OAuth 2.0 derived

Box publishes 9 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Box API on a user’s behalf.

Tokens are issued from https://api.box.com/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Cloud StorageCollaborationContent ManagementDocumentsEnterpriseFile Sharing
Scopes: 9 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://account.box.com/api/oauth2/authorize
Token URL
https://api.box.com/oauth2/token
Flows
authorizationCode

Scopes (9)

ScopeDescriptionFlows
manage_app_users Provision and manage app users authorizationCode
manage_data_retention Manage data retention polices authorizationCode
manage_enterprise_properties Manage enterprise properties authorizationCode
manage_groups Manage an enterprise's groups authorizationCode
manage_legal_hold Manage Legal Holds authorizationCode
manage_managed_users Provision and manage managed users authorizationCode
manage_webhook Create webhooks programmatically through the API authorizationCode
root_readonly Read all files and folders stored in Box authorizationCode
root_readwrite Read and write all files and folders stored in Box authorizationCode

Source

OAuth Scopes

box-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/box-openapi-original.yml
schemes:
- name: OAuth2Security
  source: openapi/box-openapi-original.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://account.box.com/api/oauth2/authorize
    tokenUrl: https://api.box.com/oauth2/token
scopes:
- scope: manage_app_users
  description: Provision and manage app users
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: manage_data_retention
  description: Manage data retention polices
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: manage_enterprise_properties
  description: Manage enterprise properties
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: manage_groups
  description: Manage an enterprise's groups
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: manage_legal_hold
  description: Manage Legal Holds
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: manage_managed_users
  description: Provision and manage managed users
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: manage_webhook
  description: Create webhooks programmatically through the API
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: root_readonly
  description: Read all files and folders stored in Box
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml
- scope: root_readwrite
  description: Read and write all files and folders stored in Box
  flows:
  - authorizationCode
  sources:
  - openapi/box-openapi-original.yml