Contents
pip install "boxsdk>=1.5,<2.0"
The production version of the boxsdk
package is the 1.5.x release track.
The code can be found on Github at
<https://github.com/box/box-python-sdk/tree/1.5>. This is what will be
installed with pip install boxsdk
.
The development version of the boxsdk
package is the 2.0.0 release track,
currently in an alpha release. The code can be found on Github at
<https://github.com/box/box-python-sdk/tree/master>. This isn't installed by
pip
by default, but can be installed if specifying a specific version. For
example, pip install boxsdk==2.0.0a5
. We welcome early testing and feedback
on these alpha releases. Note that while we're still in alpha, version 2.0.0 is
subject to change, and there might be breaking changes between alpha releases
(e.g. between 2.0.0a2 and 2.0.0a3).
The 1.5.x release track will receive bugfix support at least until the final release of 2.0.0.
We always recommend pinning to a specific version (e.g. by adding
boxsdk==1.5.3
in your requirements.txt
file), so that you don't risk
accidentally upgrading to a new version and breaking your application. This is
particularly important with the upcoming 2.0.0 release. There will be some
breaking changes in version 2.0.0, which might break your application if you
upgrade without adapting your code first.
The Box API uses OAuth2 for auth. The SDK makes it relatively painless to work with OAuth2 tokens.
from boxsdk import OAuth2
oauth = OAuth2(
client_id='YOUR_CLIENT_ID',
client_secret='YOUR_CLIENT_SECRET',
store_tokens=your_store_tokens_callback_method,
)
auth_url, csrf_token = oauth.get_authorization_url('http://YOUR_REDIRECT_URL')
store_tokens is a callback used to store the access token and refresh token. You might want to define something like this:
def store_tokens(access_token, refresh_token):
# store the tokens at secure storage (e.g. Keychain)
The SDK will keep the tokens in memory for the duration of the Python script run, so you don't always need to pass store_tokens.
If you navigate the user to the auth_url, the user will eventually get redirected to http://YOUR_REDIRECT_URL?code=YOUR_AUTH_CODE. After getting the code, you will be able to use the code to exchange for an access token and refresh token.
The SDK handles all the work for you; all you need to do is run:
# Make sure that the csrf token you get from the `state` parameter
# in the final redirect URI is the same token you get from the
# get_authorization_url method.
assert 'THE_CSRF_TOKEN_YOU_GOT' == csrf_token
access_token, refresh_token = oauth.authenticate('YOUR_AUTH_CODE')
from boxsdk import Client
client = Client(oauth)
And that's it! You can start using the client to do all kinds of cool stuff and the SDK will handle the token refresh for you automatically.
me = client.user(user_id='me').get()
print 'user_login: ' + me['login']
root_folder = client.folder(folder_id='0').get()
print 'folder owner: ' + root_folder.owned_by['login']
print 'folder name: ' + root_folder['name']
items = client.folder(folder_id='0').get_items(limit=100, offset=0)
# creates folder structure /L1/L2/L3
client.folder(folder_id='0').create_subfolder('L1').create_subfolder('L2').create_subfolder('L3')
shared_link = client.folder(folder_id='SOME_FOLDER_ID').get_shared_link()
download_url = client.file(file_id='SOME_FILE_ID').get_shared_link_download_url()
client.file(file_id='SOME_FILE_ID').get()['name']
client.file(file_id='SOME_FILE_ID').rename('bar-2.txt')
client.file(file_id='SOME_FILE_ID').move(client.folder(folder_id='SOME_FOLDER_ID'))
client.file(file_id='SOME_FILE_ID').content()
client.file(file_id='SOME_FILE_ID').lock()
client.file(file_id='SOME_FILE_ID').unlock()
client.search('some_query', limit=100, offset=0)
from boxsdk.object.search import MetadataSearchFilter, MetadataSearchFilters
metadata_search_filter = MetadataSearchFilter(template_key='marketingCollateral', scope='enterprise')
metadata_search_filter.add_value_based_filter(field_key='documentType', value='datasheet')
metadata_search_filter.add_value_based_filter(field_key='clientNumber', value='a123')
metadata_search_filters = MetadataSearchFilters()
metadata_search_filters.add_filter(metadata_search_filter)
client.search('some_query', limit=100, offset=0, metadata_filters=metadata_search_filters)
# Get events
client.events().get_events(limit=100, stream_position='now')
# Generate events using long polling
for event in client.events().generate_events_with_long_polling():
pass # Do something with the event
# Get latest stream position
client.events().get_latest_stream_position()
# Get metadata
client.file(file_id='SOME_FILE_ID').metadata().get()
# Create metadata
client.file(file_id='SOME_FILE_ID').metadata().create({'key': 'value'})
# Update metadata
metadata = client.file(file_id='SOME_FILE_ID').metadata()
update = metadata.start_update()
update.add('/key', 'new_value')
metadata.update(update)
The Client
class and all Box objects also have an as_user
method.
as-user
returns a copy of the object on which it was called that will make Box API requests
as though the specified user was making it.
See https://box-content.readme.io/#as-user-1 for more information about how this works via the Box API.
# Logged in as admin, but rename a file as SOME USER
user = client.user(user_id='SOME_USER_ID')
client.as_user(user).file(file_id='SOME_FILE_ID').rename('bar-2.txt')
# Same thing, but using file's as_user method
client.file(file_id='SOME_FILE_ID').as_user(user).rename('bar-2.txt')
The Box API is continually evolving. As such, there are API endpoints available that are not specifically
supported by the SDK. You can still use these endpoints by using the make_request
method of the Client
.
# https://box-content.readme.io/reference#get-metadata-schema
# Returns a Python dictionary containing the result of the API request
json_response = client.make_request(
'GET',
client.get_url('metadata_templates', 'enterprise', 'customer', 'schema'),
).json()
make_request()
takes two parameters:
method
-an HTTP verb likeGET
orPOST
url
- the URL of the requested API endpoint
The Client
class and Box objects have a get_url
method. Pass it an endpoint
to get the correct URL for use with that object and endpoint.
The Python SDK supports your Box Developer Edition applications.
Developer Edition support requires some extra dependencies. To get them, simply
pip install boxsdk[jwt]
Instead of instantiating your Client
with an instance of OAuth2
,
instead use an instance of JWTAuth
.
from boxsdk import JWTAuth
auth = JWTAuth(
client_id='YOUR_CLIENT_ID',
client_secret='YOUR_CLIENT_SECRET',
enterprise_id='YOUR_ENTERPRISE_ID',
jwt_key_id='YOUR_JWT_KEY_ID',
rsa_private_key_file_sys_path='CERT.PEM',
store_tokens=your_store_tokens_callback_method,
)
access_token = auth.authenticate_instance()
from boxsdk import Client
client = Client(auth)
This client is able to create application users:
ned_stark_user = client.create_user('Ned Stark')
These users can then be authenticated:
ned_auth = JWTAuth(
client_id='YOUR_CLIENT_ID',
client_secret='YOUR_CLIENT_SECRET',
enterprise_id='YOUR_ENTERPRISE_ID',
jwt_key_id='YOUR_JWT_KEY_ID',
rsa_private_key_file_sys_path='CERT.PEM',
store_tokens=your_store_tokens_callback_method,
)
ned_auth.authenticate_app_user(ned_stark_user)
ned_client = Client(ned_auth)
Requests made with ned_client
(or objects returned from ned_client
's methods)
will be performed on behalf of the newly created app user.
For advanced uses of the SDK, two additional auth classes are provided:
CooperativelyManagedOAuth2
: Allows multiple auth instances to share tokens.RemoteOAuth2
: Allows use of the SDK on clients without access to your application's client secret. Instead, you provide aretrieve_access_token
callback. That callback should perform the token refresh, perhaps on your server that does have access to the client secret.RedisManagedOAuth2
: Stores access and refresh tokens in Redis. This allows multiple processes (possibly spanning multiple machines) to share access tokens while synchronizing token refresh. This could be useful for a multiprocess web server, for example.
For more insight into the network calls the SDK is making, you can use the LoggingClient
class. This class logs
information about network requests and responses made to the Box API.
>>> from boxsdk import LoggingClient
>>> client = LoggingClient()
>>> client.user().get()
GET https://api.box.com/2.0/users/me {'headers': {u'Authorization': u'Bearer ---------------------------kBjp',
u'User-Agent': u'box-python-sdk-1.5.0'},
'params': None}
{"type":"user","id":"..","name":"Jeffrey Meadows","login":"..",..}
<boxsdk.object.user.User at 0x10615b8d0>
For more control over how the information is logged, use the LoggingNetwork
class directly.
from boxsdk import Client
from boxsdk.network.logging_network import LoggingNetwork
# Use a custom logger
client = Client(oauth, network_layer=LoggingNetwork(logger))
The Box Developer Console allows for the creation of short-lived developer tokens. The SDK makes it easy to use these
tokens. Use the get_new_token_callback
parameter to control how the client will get new developer tokens as
needed. The default is to prompt standard input for a token.
For exploring the Box API, or to quickly get going using the SDK, the DevelopmentClient
class combines the
LoggingClient
with the DeveloperTokenClient
.
See CONTRIBUTING.rst.
Create a virtual environment and install packages -
mkvirtualenv boxsdk
pip install -r requirements-dev.txt
Run all tests using -
tox
The tox tests include code style checks via pep8 and pylint.
The tox tests are configured to run on Python 2.6, 2.7, 3.3, 3.4, 3.5, 3.6, and PyPy2.7 (our CI is configured to run PyPy2.7 tests on PyPy2.7 5.8.0).
Need to contact us directly? Email [email protected] and be sure to include the name of this project in the subject. For questions, please contact us directly rather than opening an issue.
Copyright 2015 Box, Inc. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.