App approval needed

It says a box admin has to approve my application, who do i contact to get it approved?


I’m going to need a bot more context on what are you trying to do.

Are you trying to publish an application in the Box application store so that anyone in the world can use it, or are you trying to authorize an internal application to be used in your Box account?

Let us know

An internal to be used in my box account. An integration with your api

Alright, follow these steps.

Navigate to your developer console and select the app you want to authorize, in my case, the app is just named JWT. Select the Authorization tab and click review and submit:

Then navigate to your administration console, apps, custom apps manager, and authorize your app:

You should now be able to request access tokens using this app.

If any of these options is not available, it probably means you have a free account. If that is the case consider creating a free developer account.

Let us know if this helps

Best regards

Select the Authorization tab and click review and submit:

You have mentioned above point but in the application we created, we can not see Authorization tab.

You seem to have a free account, that is not going to be able to work with CCG or JWT applications. OAuth 2.0 will work fine.

Can you create a new free developer account? Does that fit your use case?

We have created a “Demo Users” Application on the and generated the developer token and by using the developer token we have made cfhhtp call to the endpoint (, but we are getting the response as “{“error”:“unauthorized_client”,“error_description”:” The grant type is unauthorized for this client_id"}".


That makes sense, you can’t refresh a developer token, other than manually generate it via de developer console.

There are 3 types of authentication apps in Box:

  • OAuth 2.0 - Available in all box tiers, requires a user to login to box and authorize the app
  • CCG - Client Credential Grants - Not available in free accounts - Requires administrator to approve the application. Creates a service account for application.
  • JWT - JSON Web Tokens - Same as CCG.

On top of these, there are 3 types of users in Box:

  • Managed users - Typically represent a human user that can actually login to
  • Service accounts - Typically represent an account for an application, can access the API but can not login to
  • Application users - Typically represent users within the application. These users can not login to

Tell me a bit more about what are you trying to accomplish.

Best regards

1 Like