openapi: 3.1.0
info:
  title: Box Authorize API
  description: Needs a description.
paths:
  /authorize:
    get:
      operationId: get_authorize
      summary: Box Authorize user
      description: |-
        Authorize a user by sending them through the [Box](https://box.com)
        website and request their permission to act on their behalf.

        This is the first step when authenticating a user using
        OAuth 2.0. To request a user's authorization to use the Box APIs
        on their behalf you will need to send a user to the URL with this
        format.
      tags:
        - Authorize
      x-box-tag: authorization
      security: []
      servers:
        - url: https://account.box.com/api/oauth2
          description: Server for client-side authentication
      parameters:
        - name: response_type
          description: The type of response we'd like to receive.
          in: query
          example: code
          required: true
          schema:
            type: string
            format: token
            enum:
              - code
        - name: client_id
          description: >-
            The Client ID of the application that is requesting to authenticate

            the user. To get the Client ID for your application, log in to your

            Box developer console and click the **Edit Application** link for

            the application you're working with. In the OAuth 2.0 Parameters
            section

            of the configuration page, find the item labelled `client_id`. The

            text of that item is your application's Client ID.
          in: query
          example: ly1nj6n11vionaie65emwzk575hnnmrk
          required: true
          schema:
            type: string
        - name: redirect_uri
          description: >-
            The URI to which Box redirects the browser after the user has
            granted

            or denied the application permission. This URI match one of the
            redirect

            URIs in the configuration of your application. It must be a

            valid HTTPS URI and it needs to be able to handle the redirection to

            complete the next step in the OAuth 2.0 flow.

            Although this parameter is optional, it must be a part of the

            authorization URL if you configured multiple redirect URIs

            for the application in the developer console. A missing parameter
            causes

            a `redirect_uri_missing` error after the user grants application
            access.
          in: query
          example: http://example.com/auth/callback
          required: false
          schema:
            type: string
            format: url
        - name: state
          description: |-
            A custom string of your choice. Box will pass the same string to
            the redirect URL when authentication is complete. This parameter
            can be used to identify a user on redirect, as well as protect
            against hijacked sessions and other exploits.
          in: query
          example: my_state
          required: false
          schema:
            type: string
        - name: scope
          description: >-
            A space-separated list of application scopes you'd like to

            authenticate the user for. This defaults to all the scopes
            configured

            for the application in its configuration page.
          in: query
          example: admin_readwrite
          required: false
          schema:
            type: string
      responses:
        '200':
          description: Does not return any data, but rather should be used in the browser.
          content:
            text/html:
              schema:
                type: string
                format: html
        default:
          description: Does not return any data, but rather should be used in the browser.
          content:
            text/html:
              schema:
                type: string
                format: html
components:
  schemas: {}
tags:
  - name: Authorize