Has anyone tried the new TypeScript SDK?

We are excited to introduce the latest generation (currently in Beta) of Box TypeScript SDK, designed to elevate the developer experience and streamline your integration with the Box Content Cloud.

With this SDK, you’ll have access to:

  • Full API Support: The new generation of Box SDKs empowers developers with complete coverage of the Box API ecosystem. You can now access all the latest features and functionalities offered by Box, allowing you to build even more sophisticated and feature-rich applications.
  • Rapid API Updates: Say goodbye to waiting for new Box APIs to be incorporated into the SDK. With our new auto-generation development approach, we can now add new Box APIs to the SDK at a much faster pace (in a matter of days). This means you can leverage the most up-to-date features in your applications without delay.
  • Embedded Documentation: We understand that easy access to information is crucial for developers. With our new approach, we have included comprehensive documentation for all objects and parameters directly in the source code of the SDK. This means you no longer need to look up this information on the developer portal, saving you time and streamlining your development process.
  • Enhanced Convenience Methods: Our commitment to enhancing your development experience continues with the introduction of convenience methods. These methods cover various aspects such as chunk uploads, classification, and much more.
  • Seamless Start: The new SDKs integrate essential functionalities like authentication, automatic retries with exponential backoff, exception handling, request cancellation, and type checking, enabling you to focus solely on your application’s business logic.

Want to give it a go?

Check it out at:

and share some thoughts with us.


I’m in the process of migrating to it from box-node-sdk, mostly because of critical security vulnerability we need fixed ASAP (see this git issue I opened against box-node-sdk). At first I found the documentation really light, with only a quick example on the main page of a developer token client, and no link to any documentation at all. That would be my first comment, it would be nice to have a link to documentation/api on the main page :wink:

Then I realized that you need to open the docs folder in the source, but it’s not really intuitive :slight_smile: But even with Authentication page, there is no example of using the OAuth token, only how to get it.

We have an application currently using the persistent client with the token we get from users using OAuth, and I’m not sure how to recreate this using the new TypeScript SDK. The information might be on the Authentication page, I’m thinking the ccgAuth using tokenStorage might be the way to go, but I’m not sure yet, and a clear instruction for users coming from persistent client might be really helpful.

I think a migration guide would be helpful to help people to move, and so far I haven’t found anything looking like a migration guide.

Anyway, we are really excited by a TypeScript SDK, my main comment right now is the lack of documentation :smile:

Hope that helps. If you want me to open a specific topic for my question about persistent client, so I don’t pollute this thread, I’ll be happy to open one.

Ok, one more comment/bug, and that might be why I missed it in this page, the equivalent seems to be storageToken:

const config = {
  clientId: 'OAUTH_CLIENT_ID',
  clientSecret: 'OAUTH_CLIENT_SECRET',
  tokenStorage: new MyCustomTokenStorage(),

But the TypeScript type OAuthConfig seems to be missing the property, which is why I missed it. I will open a bug for it.

Edit, I see this was fixed/added 12 minutes ago, so no need for a bug. I’ll wait for this new version to be released on npm to try it. And I wasn’t crazy, it wasn’t there the first time I read the doc a few hors ago :wink:

Hi @gdelory

We have just released the version 0.1.2 of Typescript SDK which include the changes you are waiting for.

Please check it.

1 Like

Hi @gdelory,
Thank you so much for providing your feedback! We’ll definitely take that into account when creating the resources and guides related to the TS SDK!

Great, thanks @mcong. Testing this as soon as I have a moment! Probably not before Monday though :slightly_smiling_face:


sorry about this security issue. SDK Team is working hard on new generated SDK. We will investigate if we can upgrade this dependency in existing SDK, however I cannot tell you what is the timeline of getting this solved (SDK-3326). If you can migrate then this is even better as most of team focus is on the generated SDKs.

Thanks @mcong

I’ve just tried the new version using a TokenStorage and it seems to work fine when I have a valid AccessToken in my database, but when I force a refresh token it fails. Note that the refresh token with acquired with a OAuth flow using the box node (soon to be legacy) sdk, but I guess this shouldn’t make any difference?

/home/gui/<concealed by 1Password>/node_modules/box-typescript-sdk-gen/lib/fetch.js:5
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
Error: Request failed, status code 400: Bad Request

  "error": "invalid_grant",
  "error_description": "Invalid refresh token"
    at /home/gui/<concealed by 1Password>/node_modules/box-typescript-sdk-gen/src/fetch.ts:199:11
    at Generator.next (<anonymous>)
    at fulfilled (/home/gui/<concealed by 1Password>/node_modules/box-typescript-sdk-gen/lib/fetch.js:5:58)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)

The failing code is just await client.auth.refreshToken(), note that this client is able to get items fine, so the current access token is fine.

Hello @gdelory ,

To answer your question first, even if you obtained the refreshToken from the box-node-sdk, it should not matter.
Of course, only if it has not been used in the meantime and is less than 60 days old https://developer.box.com/guides/authentication/tokens/refresh/

Let me ask you a few questions and I will be grateful if you answer them.
This will help us further investigate this problem:

  1. What kind of TokenStorage you are using? Is it your own one or the InMemoryTokenStorage?
  2. Are you sure the refreshToken you are using is valid?
  3. How exactly do you force the token to refresh? Do you call it directly on the auth object like this:
   let storage = new InMemoryTokenStorage();
   await storage.store(token);

   let config = new OAuthConfig({clientId: '<CLIENT_ID>', clientSecret: '<CLIENT_SECRET>', tokenStorage: storage})
   let auth = new OAuth({ config});
   let client = new Client({ auth });

  1. Could you show your code responsible for refreshing the token?

Hi @ajankowski, thanks a lot for you help.
First, let me know if you want me to open a dedicated forum post or a git issue so I don’t hijack this post which was only about feedback at first. I’ll be happy to delete this message and paste it in another place :slight_smile:

Now, answering your questions.

  1. What kind of TokenStorage you are using? Is it your own one or the InMemoryTokenStorage?

We are using a custom TokenStorage which stores the AccessToken in an encrypted way in our Cloudant DB. We had the same with box-node-sk using persistent client and a token store, and it worked fine. Here is the class:

class WfmTokenStorage implements TokenStorage {
  private db: MainDB
  private userId: string

  constructor(db: MainDB, userId: string) {
    this.db = db
    this.userId = userId

  async store(token: AccessToken): Promise<void> {
    await setToken(this.db, this.userId, token)
  async get(): Promise<AccessToken | undefined> {
    return await getToken(this.db, this.userId) as AccessToken | undefined
  clear(): void {
  1. Are you sure the refreshToken you are using is valid?
    I think it is, to make sure I delete the token from the DB, and re-did a OAuth loop with our live application (which still uses box-node-sdk) to get a branch new AccessToken with a new RefreshToken, so there is no reason it wouldn’t be valid. Is there anyway I could test it another way that trying to refresh with the new TS sdk?
  1. How exactly do you force the token to refresh? Do you call it directly on the auth object like this

Here is why code:

const client = getClient(main, '***************')
await client.auth.refreshToken()

with getClient being:

export function getClient(db: MainDB, user: string) {
  const auth = new OAuth({
    config: {
      clientId: config.box.clientId as string,
      clientSecret: config.box.clientSecret as string,
      tokenStorage: new WfmTokenStorage(db, user)
  return new Client({ auth })

I added some log in my TokenStorage class, and I do see the get is getting called, and it returns the correct AccessToken which with I can get folder items (the access token retrieved by the live app with box-node-sdk), it just can’t refresh, but the AccessToken was acquired a few minutes before my test.

  1. Could you show your code responsible for refreshing the token?

Not sure I see the difference with question 3 :wink: but yeah I’m forcing it just to test and play, I don’t really need to force the refresh in the real app, I will let the client do that when needed, I was just experiencing because the TTL seems really long (accessTokenTTLMS: 4222000,) and I wanted to make sure it works.

Actually, it would be great if you could move this content to GitHub - box/box-typescript-sdk-gen: Repository for generated Box TS SDK and create a new issue there with this content :slight_smile:

Perfect, will do, thanks!

Edit: opened here