I am facing issue to create the access tokan

Code =
function getNewAccessToken(clientId, clientSecret) {
return new Promise((resolve, reject) => {
const options = {
method: ‘POST’,
url: ‘https://api.box.com/oauth2/token’,
headers: {
‘Content-Type’: ‘application/x-www-form-urlencoded’
form: {
grant_type: ‘client_credentials’,
client_id: clientId,
client_secret: clientSecret,
box_subject_type: ‘user’,
box_subject_id: ‘8777888766’

request(options, function (error, response, body) {
  if (error) {
  } else {
    const parsedBody = JSON.parse(body);
    if (parsedBody.access_token) {
    } else {


I am getting the Error
error: ‘invalid_grant’,
error_description: ‘Grant credentials are invalid’

Please provide me a solution of it

Hi @user228 , welcome to the forum!

I do not see anything wrong with your request, here is my attempt:

curl --location 'https://api.box.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=h5...qi' \
--data-urlencode 'client_secret=Tqb...38' \
--data-urlencode 'box_subject_type=user' \
--data-urlencode 'box_subject_id= 18622116055'

and I get:

    "access_token": "92...Xz",
    "expires_in": 4238,
    "restricted_to": [],
    "token_type": "bearer"

So a few possibilities:

  • Your Box subject id looks more like an enterprise id than a user id, make sire you have the correct user id, or if you want to use the enterprise id (service account) then switch the subject type from user to enterprise.
  • Check you application configurations.

If you want the CCG app to impersonate users you need to have these checked:

Let us know if this helps