{
"info": {
"_postman_id": "2075655c-1347-425d-bd5a-cb65b46c9992",
"name": "Box API with JWT",
"schema": "https://schema.getpostman.com/json/collection/v2.0.0/collection.json"
},
"item": [
{
"name": "INIT: Load crypto library for RS512",
"event": [
{
"listen": "test",
"script": {
"id": "b96fbc6c-da08-4433-a515-c071eca2090c",
"exec": [
"pm.collectionVariables.set(\"jsrsasign_js\", responseBody);"
],
"type": "text/javascript"
}
}
],
"id": "67a37f14-a9ae-4b62-9b29-56011963ec2d",
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"method": "GET",
"header": [],
"url": "http://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js",
"description": "Load the RSA-Sign Crypto LIbrary in a global environment variable\n\nSource: http://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js\n\nGithub: https://github.com/kjur/jsrsasign"
},
"response": []
},
{
"name": "Request access token (JWT)",
"event": [
{
"listen": "test",
"script": {
"id": "ad12bab7-e342-4dfd-bc4c-48c21dff85b7",
"exec": [
"let jsonData = JSON.parse(responseBody);\r",
"\r",
"const newExpiresAt = Date.now() + jsonData.expires_in * 1000\r",
"\r",
"// Store the new variables in the environment\r",
"pm.collectionVariables.set(\"jwt_access_token\", jsonData.access_token);\r",
"pm.collectionVariables.set(\"jwt_expires_at\", newExpiresAt);\r",
"\r",
"// (Optional) Clear the env variables as we don't need those after fetching the token\r",
"pm.collectionVariables.unset(\"jwt_assertion\");\r",
"pm.collectionVariables.unset(\"jwt_client_id\");\r",
"pm.collectionVariables.unset(\"jwt_client_secret\");"
],
"type": "text/javascript"
}
},
{
"listen": "prerequest",
"script": {
"id": "d4e36a11-7491-44c6-942c-f2adc53851f9",
"exec": [
"// Load the jsrsasign library into Postman Sandbox\r",
"const navigator = {}; //fake a navigator object for the lib\r",
"const window = {}; //fake a window object for the lib\r",
"eval(pm.collectionVariables.get(\"jsrsasign_js\")); //import javascript jsrsasign\r",
"\r",
"const envConfig = pm.collectionVariables.get('config_json')\r",
"const config = JSON.parse(envConfig);\r",
"\r",
"// Generate random string for \"jti\" claim\r",
"let newJti = \"\";\r",
"const charset = \"abcdefghijklmnopqrstuvwxyz0123456789\";\r",
"\r",
"// At Box, it must be at least 16 characters and at most 128 characters\r",
"// Ref: https://developer.box.com/guides/authentication/jwt/without-sdk/#3-create-jwt-assertion\r",
"for( let i=0; i < 16; i++ ) {\r",
" newJti += charset.charAt(Math.floor(Math.random() * charset.length));\r",
"}\r",
"\r",
"// Create Header and Payload objects\r",
"const authenticationUrl = \"https://api.box.com/oauth2/token\";\r",
"\r",
"let header = {\r",
" \"kid\": config.boxAppSettings.appAuth.publicKeyID,\r",
" \"alg\": 'RS512'\r",
"};\r",
"\r",
"let payload = {\r",
" iss: config.boxAppSettings.clientID,\r",
" sub: config.enterpriseID,\r",
" box_sub_type: \"enterprise\",\r",
" aud: authenticationUrl,\r",
" jti: newJti,\r",
" exp: Math.floor(Date.now() / 1000) + 45\r",
"};\r",
"\r",
"const key = {\r",
" key: config.boxAppSettings.appAuth.privateKey,\r",
" passphrase: config.boxAppSettings.appAuth.passphrase\r",
"};\r",
"\r",
"const prvKey = KEYUTIL.getKey(key.key, key.passphrase);\r",
"\r",
"// Prep the objects for a JWT\r",
"const sHeader = JSON.stringify(header);\r",
"const sPayload = JSON.stringify(payload);\r",
"\r",
"const sJWT = KJUR.jws.JWS.sign(header.alg, sHeader, sPayload, prvKey);\r",
"\r",
"// Set as env variables (these will be cleared after the call in post-script \"Tests\" phase)\r",
"pm.collectionVariables.set(\"jwt_assertion\", sJWT);\r",
"pm.collectionVariables.set(\"jwt_client_id\", config.boxAppSettings.clientID);\r",
"pm.collectionVariables.set(\"jwt_client_secret\", config.boxAppSettings.clientSecret);"
],
"type": "text/javascript"
}
}
],
"id": "ad3510b8-39f4-486b-be2c-f659ddee97b3",
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [],
"body": {
"mode": "formdata",
"formdata": [
{
"key": "grant_type",
"value": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"type": "text"
},
{
"key": "assertion",
"value": "{{jwt_assertion}}",
"type": "text"
},
{
"key": "client_id",
"value": "{{jwt_client_id}}",
"type": "text"
},
{
"key": "client_secret",
"value": "{{jwt_client_secret}}",
"type": "text"
}
]
},
"url": "https://api.box.com/oauth2/token"
},
"response": []
},
{
"name": "Get current user",
"event": [
{
"listen": "prerequest",
"script": {
"id": "7e6a19d0-7542-4c19-b942-fbbb1639e70f",
"exec": [
"// Determine if the Access Token has expired",
"const expiresAt = pm.collectionVariables.get('jwt_expires_at')",
"const accessToken = pm.collectionVariables.get('jwt_access_token')",
"const expired = Date.now() > Number(expiresAt)",
"",
"// If token is present and is not expired, then we immediately exit and move on to making the call",
"if ( accessToken && expiresAt && !expired ) {",
" return",
"}",
"",
"// Load the jsrsasign library into Postman Sandbox",
"const navigator = {}; //fake a navigator object for the lib",
"const window = {}; //fake a window object for the lib",
"eval(pm.collectionVariables.get(\"jsrsasign_js\")); //import javascript jsrsasign",
"",
"const envConfig = pm.collectionVariables.get('config_json')",
"const config = JSON.parse(envConfig);",
"",
"// Generate random string for \"jti\" claim",
"let newJti = \"\";",
"const charset = \"abcdefghijklmnopqrstuvwxyz0123456789\";",
"",
"// At Box, it must be at least 16 characters and at most 128 characters",
"// Ref: https://developer.box.com/guides/authentication/jwt/without-sdk/#3-create-jwt-assertion",
"for( let i=0; i < 16; i++ ) {",
" newJti += charset.charAt(Math.floor(Math.random() * charset.length));",
"}",
"",
"// Create Header and Payload objects",
"const authenticationUrl = \"https://api.box.com/oauth2/token\";",
"",
"let header = {",
" \"kid\": config.boxAppSettings.appAuth.publicKeyID,",
" \"alg\": 'RS512'",
"};",
"",
"let payload = {",
" iss: config.boxAppSettings.clientID,",
" sub: config.enterpriseID,",
" box_sub_type: \"enterprise\",",
" aud: authenticationUrl,",
" jti: newJti,",
" exp: Math.floor(Date.now() / 1000) + 45",
"};",
"",
"const key = {",
" key: config.boxAppSettings.appAuth.privateKey,",
" passphrase: config.boxAppSettings.appAuth.passphrase",
"};",
"",
"const prvKey = KEYUTIL.getKey(key.key, key.passphrase);",
"",
"// Prep the objects for a JWT",
"const sHeader = JSON.stringify(header);",
"const sPayload = JSON.stringify(payload);",
"",
"const sJWT = KJUR.jws.JWS.sign(header.alg, sHeader, sPayload, prvKey);",
"",
"// determine if we have all the client credentials needed in the environment",
"const hasClientId = String(config.boxAppSettings.clientID).length === 32",
"const hasClientSecret = String(config.boxAppSettings.clientSecret).length === 32",
"const hasAllCredentials = hasClientId && hasClientSecret && sJWT",
"",
"// if the access token expired and auto refresh has been set, use the refresh",
"// token to create a new access token",
"if (hasAllCredentials) {",
" // send a new API request to refresh the access token",
" pm.sendRequest({",
" url: 'https://api.box.com/oauth2/token',",
" method: 'POST',",
" headers: { 'Content-Type': 'Content-Type: application/x-www-form-urlencoded' },",
" body: {",
" mode: 'urlencoded',",
" urlencoded: [",
" { key: 'client_id', value: config.boxAppSettings.clientID, disabled: false },",
" { key: 'client_secret', value: config.boxAppSettings.clientSecret, disabled: false },",
" { key: 'assertion', value: sJWT, disabled: false },",
" { key: 'grant_type', value: 'urn:ietf:params:oauth:grant-type:jwt-bearer', disabled: false }",
" ]",
" }",
" }, function (error, response) {",
" if (error || response.json().error) {",
" // if an error occured, log the error and raise a message to the user.",
" console.log(error)",
" console.log(response.json())",
" throw new Error('Could not get the access token. Check the console for more details.')",
" } else {",
" // otherwise, fetch the new access token and store it",
" const data = response.json()",
"",
" // determine when this token is set to expire at",
" const newExpiresAt = Date.now() + data.expires_in * 1000",
" // store the new variables in the environment",
" pm.collectionVariables.set('jwt_access_token', data.access_token)",
" pm.collectionVariables.set('jwt_expires_at', newExpiresAt)",
" }",
" })",
"} else {",
" // if you are here, that means either client_id, client secret or JWT assertion is missing/incorrect.",
" throw new Error('Something is wrong with the env variable \"config_json\". Please make sure you have the right configuration defined as \"config_json\" in Collection Variable.')",
"}"
],
"type": "text/javascript"
}
}
],
"id": "2333ec02-515e-411c-a392-6a5cfae54b75",
"request": {
"auth": {
"type": "oauth2",
"oauth2": {
"tokenType": "",
"accessToken": "{{jwt_access_token}}",
"addTokenTo": "header"
}
},
"method": "GET",
"header": [],
"url": {
"raw": "https://api.box.com/2.0/users/me",
"protocol": "https",
"host": [
"api",
"box",
"com"
],
"path": [
"2.0",
"users",
"me"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.",
"disabled": true
}
]
},
"description": "Retrieves information about the user who is currently authenticated.\n\nhttps://developer.box.com/reference/get-users-me"
},
"response": [
{
"id": "d0271a6e-8b5c-4e71-8384-b6850ea9fc86",
"name": "[200] Returns a single user object.",
"originalRequest": {
"auth": {
"type": "oauth2",
"oauth2": {
"accessToken": "{{access_token}}",
"addTokenTo": "header",
"tokenType": "bearer"
}
},
"method": "GET",
"header": [],
"url": {
"raw": "https://{{api.box.com}}/2.0/users/me",
"protocol": "https",
"host": [
"{{api.box.com}}"
],
"path": [
"2.0",
"users",
"me"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.",
"disabled": true
}
]
},
"description": "Retrieves information about the user who is currently authenticated.\n\nhttps://developer.box.com/reference/get-users-me"
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "Text",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [],
"responseTime": null,
"body": "{\n \"id\": \"11446498\",\n \"type\": \"user\",\n \"name\": \"Aaron Levie\",\n \"login\": \"ceo@example.com\",\n \"created_at\": \"2012-12-12T10:53:43-08:00\",\n \"modified_at\": \"2012-12-12T10:53:43-08:00\",\n \"language\": \"en\",\n \"timezone\": \"Africa/Bujumbura\",\n \"space_amount\": 11345156112,\n \"space_used\": 1237009912,\n \"max_upload_size\": 2147483648,\n \"status\": \"active\",\n \"job_title\": \"CEO\",\n \"phone\": \"6509241374\",\n \"address\": \"900 Jefferson Ave, Redwood City, CA 94063\",\n \"avatar_url\": \"https://www.box.com/api/avatar/large/181216415\",\n \"notification_email\": {\n \"email\": \"notifications@example.com\",\n \"is_confirmed\": true\n }\n}"
}
]
},
{
"name": "List items in folder",
"event": [
{
"listen": "prerequest",
"script": {
"id": "02ac6508-47fc-499b-a787-6569043786e1",
"exec": [
"// Determine if the Access Token has expired",
"const expiresAt = pm.collectionVariables.get('jwt_expires_at')",
"const accessToken = pm.collectionVariables.get('jwt_access_token')",
"const expired = Date.now() > Number(expiresAt)",
"",
"// If token is present and is not expired, then we immediately exit and move on to making the call",
"if ( accessToken && expiresAt && !expired ) {",
" return",
"}",
"",
"// Load the jsrsasign library into Postman Sandbox",
"const navigator = {}; //fake a navigator object for the lib",
"const window = {}; //fake a window object for the lib",
"eval(pm.collectionVariables.get(\"jsrsasign_js\")); //import javascript jsrsasign",
"",
"const envConfig = pm.collectionVariables.get('config_json')",
"const config = JSON.parse(envConfig);",
"",
"// Generate random string for \"jti\" claim",
"let newJti = \"\";",
"const charset = \"abcdefghijklmnopqrstuvwxyz0123456789\";",
"",
"// At Box, it must be at least 16 characters and at most 128 characters",
"// Ref: https://developer.box.com/guides/authentication/jwt/without-sdk/#3-create-jwt-assertion",
"for( let i=0; i < 16; i++ ) {",
" newJti += charset.charAt(Math.floor(Math.random() * charset.length));",
"}",
"",
"// Create Header and Payload objects",
"const authenticationUrl = \"https://api.box.com/oauth2/token\";",
"",
"let header = {",
" \"kid\": config.boxAppSettings.appAuth.publicKeyID,",
" \"alg\": 'RS512'",
"};",
"",
"let payload = {",
" iss: config.boxAppSettings.clientID,",
" sub: config.enterpriseID,",
" box_sub_type: \"enterprise\",",
" aud: authenticationUrl,",
" jti: newJti,",
" exp: Math.floor(Date.now() / 1000) + 45",
"};",
"",
"const key = {",
" key: config.boxAppSettings.appAuth.privateKey,",
" passphrase: config.boxAppSettings.appAuth.passphrase",
"};",
"",
"const prvKey = KEYUTIL.getKey(key.key, key.passphrase);",
"",
"// Prep the objects for a JWT",
"const sHeader = JSON.stringify(header);",
"const sPayload = JSON.stringify(payload);",
"",
"const sJWT = KJUR.jws.JWS.sign(header.alg, sHeader, sPayload, prvKey);",
"",
"// determine if we have all the client credentials needed in the environment",
"const hasClientId = String(config.boxAppSettings.clientID).length === 32",
"const hasClientSecret = String(config.boxAppSettings.clientSecret).length === 32",
"const hasAllCredentials = hasClientId && hasClientSecret && sJWT",
"",
"// if the access token expired and auto refresh has been set, use the refresh",
"// token to create a new access token",
"if (hasAllCredentials) {",
" // send a new API request to refresh the access token",
" pm.sendRequest({",
" url: 'https://api.box.com/oauth2/token',",
" method: 'POST',",
" headers: { 'Content-Type': 'Content-Type: application/x-www-form-urlencoded' },",
" body: {",
" mode: 'urlencoded',",
" urlencoded: [",
" { key: 'client_id', value: config.boxAppSettings.clientID, disabled: false },",
" { key: 'client_secret', value: config.boxAppSettings.clientSecret, disabled: false },",
" { key: 'assertion', value: sJWT, disabled: false },",
" { key: 'grant_type', value: 'urn:ietf:params:oauth:grant-type:jwt-bearer', disabled: false }",
" ]",
" }",
" }, function (error, response) {",
" if (error || response.json().error) {",
" // if an error occured, log the error and raise a message to the user.",
" console.log(error)",
" console.log(response.json())",
" throw new Error('Could not get the access token. Check the console for more details.')",
" } else {",
" // otherwise, fetch the new access token and store it",
" const data = response.json()",
"",
" // determine when this token is set to expire at",
" const newExpiresAt = Date.now() + data.expires_in * 1000",
" // store the new variables in the environment",
" pm.collectionVariables.set('jwt_access_token', data.access_token)",
" pm.collectionVariables.set('jwt_expires_at', newExpiresAt)",
" }",
" })",
"} else {",
" // if you are here, that means either client_id, client secret or JWT assertion is missing/incorrect.",
" throw new Error('Something is wrong with the env variable \"config_json\". Please make sure you have the right configuration defined as \"config_json\" in Collection Variable.')",
"}"
],
"type": "text/javascript"
}
}
],
"id": "ee632d13-d5c3-427f-a683-7e3878067b3a",
"request": {
"auth": {
"type": "oauth2",
"oauth2": {
"tokenType": "",
"accessToken": "{{jwt_access_token}}",
"addTokenTo": "header"
}
},
"method": "GET",
"header": [
{
"key": "boxapi",
"value": "shared_link=[link]&shared_link_password=[password]",
"description": "The URL, and optional password, for the shared link of this item.\n\nThis header can be used to access items that have not been\nexplicitly shared with a user.\n\nUse the format `shared_link=[link]` or if a password is required then\nuse `shared_link=[link]&shared_link_password=[password]`.\n\nThis header can be used on the file or folder shared, as well as on any files\nor folders nested within the item.",
"disabled": true
}
],
"url": {
"raw": "https://api.box.com/2.0/folders/:folder_id/items",
"protocol": "https",
"host": [
"api",
"box",
"com"
],
"path": [
"2.0",
"folders",
":folder_id",
"items"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.\n\nAdditionally this field can be used to query any metadata\napplied to the file by specifying the `metadata` field as well\nas the scope and key of the template to retrieve, for example\n`?field=metadata.enterprise_12345.contractTemplate`.",
"disabled": true
},
{
"key": "usemarker",
"value": "true",
"description": "Specifies whether to use marker-based pagination instead of\noffset-based pagination. Only one pagination method can\nbe used at a time.\n\nBy setting this value to true, the API will return a `marker` field\nthat can be passed as a parameter to this endpoint to get the next\npage of the response.",
"disabled": true
},
{
"key": "offset",
"value": "1000",
"description": "The offset of the item at which to begin the response.",
"disabled": true
},
{
"key": "limit",
"value": "1000",
"description": "The maximum number of items to return per page.",
"disabled": true
},
{
"key": "sort",
"value": "id",
"description": "Defines the **second** attribute by which items\nare sorted.\n\nItems are always sorted by their `type` first, with\nfolders listed before files, and files listed\nbefore web links.\n\nThis parameter is not supported for marker-based pagination\non the root folder (the folder with an ID of `0`).",
"disabled": true
},
{
"key": "direction",
"value": "ASC",
"description": "The direction to sort results in. This can be either in alphabetical ascending\n(`ASC`) or descending (`DESC`) order.",
"disabled": true
}
],
"variable": [
{
"key": "folder_id",
"value": "0",
"description": "The unique identifier that represent a folder.\n\nThe ID for any folder can be determined\nby visiting this folder in the web application\nand copying the ID from the URL. For example,\nfor the URL `https://*.app.box.com/folder/123`\nthe `folder_id` is `123`.\n\nThe root folder of a Box account is\nalways represented by the ID `0`."
}
]
},
"description": "Retrieves a page of items in a folder. These items can be files,\n\nhttps://developer.box.com/reference/get-folders-id-items"
},
"response": [
{
"id": "9c554797-d77d-47c3-84b8-371bb640ded3",
"name": "[200] Returns a collection of files, folders, and web links contained in a folder.",
"originalRequest": {
"auth": {
"type": "oauth2",
"oauth2": {
"accessToken": "{{access_token}}",
"addTokenTo": "header",
"tokenType": "bearer"
}
},
"method": "GET",
"header": [
{
"key": "boxapi",
"value": "shared_link=[link]&shared_link_password=[password]",
"description": "The URL, and optional password, for the shared link of this item.\n\nThis header can be used to access items that have not been\nexplicitly shared with a user.\n\nUse the format `shared_link=[link]` or if a password is required then\nuse `shared_link=[link]&shared_link_password=[password]`.\n\nThis header can be used on the file or folder shared, as well as on any files\nor folders nested within the item.",
"disabled": true
}
],
"url": {
"raw": "https://{{api.box.com}}/2.0/folders/:folder_id/items",
"protocol": "https",
"host": [
"{{api.box.com}}"
],
"path": [
"2.0",
"folders",
":folder_id",
"items"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.\n\nAdditionally this field can be used to query any metadata\napplied to the file by specifying the `metadata` field as well\nas the scope and key of the template to retrieve, for example\n`?field=metadata.enterprise_12345.contractTemplate`.",
"disabled": true
},
{
"key": "usemarker",
"value": "true",
"description": "Specifies whether to use marker-based pagination instead of\noffset-based pagination. Only one pagination method can\nbe used at a time.\n\nBy setting this value to true, the API will return a `marker` field\nthat can be passed as a parameter to this endpoint to get the next\npage of the response.",
"disabled": true
},
{
"key": "marker",
"value": "JV9IRGZmieiBasejOG9yDCRNgd2ymoZIbjsxbJMjIs3kioVii",
"description": "Defines the position marker at which to begin returning results. This is\nused when paginating using marker-based pagination.\n\nThis requires `usemarker` to be set to `true`.",
"disabled": true
},
{
"key": "offset",
"value": "1000",
"description": "The offset of the item at which to begin the response.",
"disabled": true
},
{
"key": "limit",
"value": "1000",
"description": "The maximum number of items to return per page.",
"disabled": true
},
{
"key": "sort",
"value": "id",
"description": "Defines the **second** attribute by which items\nare sorted.\n\nItems are always sorted by their `type` first, with\nfolders listed before files, and files listed\nbefore web links.\n\nThis parameter is not supported for marker-based pagination\non the root folder (the folder with an ID of `0`).",
"disabled": true
},
{
"key": "direction",
"value": "ASC",
"description": "The direction to sort results in. This can be either in alphabetical ascending\n(`ASC`) or descending (`DESC`) order.",
"disabled": true
}
],
"variable": [
{
"key": "folder_id",
"value": "12345",
"description": "The unique identifier that represent a folder.\n\nThe ID for any folder can be determined\nby visiting this folder in the web application\nand copying the ID from the URL. For example,\nfor the URL `https://*.app.box.com/folder/123`\nthe `folder_id` is `123`.\n\nThe root folder of a Box account is\nalways represented by the ID `0`."
}
]
},
"description": "Retrieves a page of items in a folder. These items can be files,\n\nhttps://developer.box.com/reference/get-folders-id-items"
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "Text",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [],
"responseTime": null,
"body": "{\n \"total_count\": 5000,\n \"limit\": 1000,\n \"offset\": 2000,\n \"order\": [\n {\n \"by\": \"type\",\n \"direction\": \"ASC\"\n }\n ],\n \"entries\": {\n \"id\": \"12345\",\n \"etag\": \"1\",\n \"type\": \"file\",\n \"sequence_id\": \"3\",\n \"name\": \"Contract.pdf\",\n \"sha1\": \"85136C79CBF9FE36BB9D05D0639C70C265C18D37\",\n \"file_version\": {\n \"id\": \"12345\",\n \"type\": \"file_version\",\n \"sha1\": \"134b65991ed521fcfe4724b7d814ab8ded5185dc\"\n }\n }\n}"
},
{
"id": "aa79e475-b18e-4bf6-a86a-f7ddb6d5968d",
"name": "[403] Returned when the access token provided in the `Authorization` header",
"originalRequest": {
"auth": {
"type": "oauth2",
"oauth2": {
"accessToken": "{{access_token}}",
"addTokenTo": "header",
"tokenType": "bearer"
}
},
"method": "GET",
"header": [
{
"key": "boxapi",
"value": "shared_link=[link]&shared_link_password=[password]",
"description": "The URL, and optional password, for the shared link of this item.\n\nThis header can be used to access items that have not been\nexplicitly shared with a user.\n\nUse the format `shared_link=[link]` or if a password is required then\nuse `shared_link=[link]&shared_link_password=[password]`.\n\nThis header can be used on the file or folder shared, as well as on any files\nor folders nested within the item.",
"disabled": true
}
],
"url": {
"raw": "https://{{api.box.com}}/2.0/folders/:folder_id/items",
"protocol": "https",
"host": [
"{{api.box.com}}"
],
"path": [
"2.0",
"folders",
":folder_id",
"items"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.\n\nAdditionally this field can be used to query any metadata\napplied to the file by specifying the `metadata` field as well\nas the scope and key of the template to retrieve, for example\n`?field=metadata.enterprise_12345.contractTemplate`.",
"disabled": true
},
{
"key": "usemarker",
"value": "true",
"description": "Specifies whether to use marker-based pagination instead of\noffset-based pagination. Only one pagination method can\nbe used at a time.\n\nBy setting this value to true, the API will return a `marker` field\nthat can be passed as a parameter to this endpoint to get the next\npage of the response.",
"disabled": true
},
{
"key": "marker",
"value": "JV9IRGZmieiBasejOG9yDCRNgd2ymoZIbjsxbJMjIs3kioVii",
"description": "Defines the position marker at which to begin returning results. This is\nused when paginating using marker-based pagination.\n\nThis requires `usemarker` to be set to `true`.",
"disabled": true
},
{
"key": "offset",
"value": "1000",
"description": "The offset of the item at which to begin the response.",
"disabled": true
},
{
"key": "limit",
"value": "1000",
"description": "The maximum number of items to return per page.",
"disabled": true
},
{
"key": "sort",
"value": "id",
"description": "Defines the **second** attribute by which items\nare sorted.\n\nItems are always sorted by their `type` first, with\nfolders listed before files, and files listed\nbefore web links.\n\nThis parameter is not supported for marker-based pagination\non the root folder (the folder with an ID of `0`).",
"disabled": true
},
{
"key": "direction",
"value": "ASC",
"description": "The direction to sort results in. This can be either in alphabetical ascending\n(`ASC`) or descending (`DESC`) order.",
"disabled": true
}
],
"variable": [
{
"key": "folder_id",
"value": "12345",
"description": "The unique identifier that represent a folder.\n\nThe ID for any folder can be determined\nby visiting this folder in the web application\nand copying the ID from the URL. For example,\nfor the URL `https://*.app.box.com/folder/123`\nthe `folder_id` is `123`.\n\nThe root folder of a Box account is\nalways represented by the ID `0`."
}
]
},
"description": "Retrieves a page of items in a folder. These items can be files,\n\nhttps://developer.box.com/reference/get-folders-id-items"
},
"status": "Forbidden",
"code": 403,
"_postman_previewlanguage": "Text",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [],
"responseTime": null,
"body": "{\n \"type\": \"error\",\n \"status\": 400,\n \"code\": \"item_name_invalid\",\n \"message\": \"Method Not Allowed\",\n \"context_info\": {\n \"message\": \"Something went wrong.\"\n },\n \"help_url\": \"http://developers.box.com/docs/#errors\",\n \"request_id\": \"abcdef123456\"\n}"
},
{
"id": "1ad285d6-7fc8-4029-b20d-14ad745e4a7a",
"name": "[404] Returned if the folder is not found, or the user does not",
"originalRequest": {
"auth": {
"type": "oauth2",
"oauth2": {
"accessToken": "{{access_token}}",
"addTokenTo": "header",
"tokenType": "bearer"
}
},
"method": "GET",
"header": [
{
"key": "boxapi",
"value": "shared_link=[link]&shared_link_password=[password]",
"description": "The URL, and optional password, for the shared link of this item.\n\nThis header can be used to access items that have not been\nexplicitly shared with a user.\n\nUse the format `shared_link=[link]` or if a password is required then\nuse `shared_link=[link]&shared_link_password=[password]`.\n\nThis header can be used on the file or folder shared, as well as on any files\nor folders nested within the item.",
"disabled": true
}
],
"url": {
"raw": "https://{{api.box.com}}/2.0/folders/:folder_id/items",
"protocol": "https",
"host": [
"{{api.box.com}}"
],
"path": [
"2.0",
"folders",
":folder_id",
"items"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.\n\nAdditionally this field can be used to query any metadata\napplied to the file by specifying the `metadata` field as well\nas the scope and key of the template to retrieve, for example\n`?field=metadata.enterprise_12345.contractTemplate`.",
"disabled": true
},
{
"key": "usemarker",
"value": "true",
"description": "Specifies whether to use marker-based pagination instead of\noffset-based pagination. Only one pagination method can\nbe used at a time.\n\nBy setting this value to true, the API will return a `marker` field\nthat can be passed as a parameter to this endpoint to get the next\npage of the response.",
"disabled": true
},
{
"key": "marker",
"value": "JV9IRGZmieiBasejOG9yDCRNgd2ymoZIbjsxbJMjIs3kioVii",
"description": "Defines the position marker at which to begin returning results. This is\nused when paginating using marker-based pagination.\n\nThis requires `usemarker` to be set to `true`.",
"disabled": true
},
{
"key": "offset",
"value": "1000",
"description": "The offset of the item at which to begin the response.",
"disabled": true
},
{
"key": "limit",
"value": "1000",
"description": "The maximum number of items to return per page.",
"disabled": true
},
{
"key": "sort",
"value": "id",
"description": "Defines the **second** attribute by which items\nare sorted.\n\nItems are always sorted by their `type` first, with\nfolders listed before files, and files listed\nbefore web links.\n\nThis parameter is not supported for marker-based pagination\non the root folder (the folder with an ID of `0`).",
"disabled": true
},
{
"key": "direction",
"value": "ASC",
"description": "The direction to sort results in. This can be either in alphabetical ascending\n(`ASC`) or descending (`DESC`) order.",
"disabled": true
}
],
"variable": [
{
"key": "folder_id",
"value": "12345",
"description": "The unique identifier that represent a folder.\n\nThe ID for any folder can be determined\nby visiting this folder in the web application\nand copying the ID from the URL. For example,\nfor the URL `https://*.app.box.com/folder/123`\nthe `folder_id` is `123`.\n\nThe root folder of a Box account is\nalways represented by the ID `0`."
}
]
},
"description": "Retrieves a page of items in a folder. These items can be files,\n\nhttps://developer.box.com/reference/get-folders-id-items"
},
"status": "Not Found",
"code": 404,
"_postman_previewlanguage": "Text",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [],
"responseTime": null,
"body": "{\n \"type\": \"error\",\n \"status\": 400,\n \"code\": \"item_name_invalid\",\n \"message\": \"Method Not Allowed\",\n \"context_info\": {\n \"message\": \"Something went wrong.\"\n },\n \"help_url\": \"http://developers.box.com/docs/#errors\",\n \"request_id\": \"abcdef123456\"\n}"
},
{
"id": "193f5a6f-248e-4c55-b039-05ebe8157591",
"name": "[405] Returned if the `folder_id` is not in a recognized format.",
"originalRequest": {
"auth": {
"type": "oauth2",
"oauth2": {
"accessToken": "{{access_token}}",
"addTokenTo": "header",
"tokenType": "bearer"
}
},
"method": "GET",
"header": [
{
"key": "boxapi",
"value": "shared_link=[link]&shared_link_password=[password]",
"description": "The URL, and optional password, for the shared link of this item.\n\nThis header can be used to access items that have not been\nexplicitly shared with a user.\n\nUse the format `shared_link=[link]` or if a password is required then\nuse `shared_link=[link]&shared_link_password=[password]`.\n\nThis header can be used on the file or folder shared, as well as on any files\nor folders nested within the item.",
"disabled": true
}
],
"url": {
"raw": "https://{{api.box.com}}/2.0/folders/:folder_id/items",
"protocol": "https",
"host": [
"{{api.box.com}}"
],
"path": [
"2.0",
"folders",
":folder_id",
"items"
],
"query": [
{
"key": "fields",
"value": "id,type,name",
"description": "A comma-separated list of attributes to include in the\nresponse. This can be used to request fields that are\nnot normally returned in a standard response.\n\nBe aware that specifying this parameter will have the\neffect that none of the standard fields are returned in\nthe response unless explicitly specified, instead only\nfields for the mini representation are returned, additional\nto the fields requested.\n\nAdditionally this field can be used to query any metadata\napplied to the file by specifying the `metadata` field as well\nas the scope and key of the template to retrieve, for example\n`?field=metadata.enterprise_12345.contractTemplate`.",
"disabled": true
},
{
"key": "usemarker",
"value": "true",
"description": "Specifies whether to use marker-based pagination instead of\noffset-based pagination. Only one pagination method can\nbe used at a time.\n\nBy setting this value to true, the API will return a `marker` field\nthat can be passed as a parameter to this endpoint to get the next\npage of the response.",
"disabled": true
},
{
"key": "marker",
"value": "JV9IRGZmieiBasejOG9yDCRNgd2ymoZIbjsxbJMjIs3kioVii",
"description": "Defines the position marker at which to begin returning results. This is\nused when paginating using marker-based pagination.\n\nThis requires `usemarker` to be set to `true`.",
"disabled": true
},
{
"key": "offset",
"value": "1000",
"description": "The offset of the item at which to begin the response.",
"disabled": true
},
{
"key": "limit",
"value": "1000",
"description": "The maximum number of items to return per page.",
"disabled": true
},
{
"key": "sort",
"value": "id",
"description": "Defines the **second** attribute by which items\nare sorted.\n\nItems are always sorted by their `type` first, with\nfolders listed before files, and files listed\nbefore web links.\n\nThis parameter is not supported for marker-based pagination\non the root folder (the folder with an ID of `0`).",
"disabled": true
},
{
"key": "direction",
"value": "ASC",
"description": "The direction to sort results in. This can be either in alphabetical ascending\n(`ASC`) or descending (`DESC`) order.",
"disabled": true
}
],
"variable": [
{
"key": "folder_id",
"value": "12345",
"description": "The unique identifier that represent a folder.\n\nThe ID for any folder can be determined\nby visiting this folder in the web application\nand copying the ID from the URL. For example,\nfor the URL `https://*.app.box.com/folder/123`\nthe `folder_id` is `123`.\n\nThe root folder of a Box account is\nalways represented by the ID `0`."
}
]
},
"description": "Retrieves a page of items in a folder. These items can be files,\n\nhttps://developer.box.com/reference/get-folders-id-items"
},
"status": "Method Not Allowed",
"code": 405,
"_postman_previewlanguage": "Text",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [],
"responseTime": null,
"body": "{\n \"type\": \"error\",\n \"status\": 400,\n \"code\": \"item_name_invalid\",\n \"message\": \"Method Not Allowed\",\n \"context_info\": {\n \"message\": \"Something went wrong.\"\n },\n \"help_url\": \"http://developers.box.com/docs/#errors\",\n \"request_id\": \"abcdef123456\"\n}"
}
]
},
{
"name": "Revoke access token",
"event": [
{
"listen": "prerequest",
"script": {
"id": "85e16f62-1a1e-45c1-99f1-831201188780",
"exec": [
"/*\r",
"// determine if the Access Token has expired\r",
"const accessToken = pm.collectionVariables.get('jwt_access_token')\r",
"const expiresAt = pm.collectionVariables.get('jwt_expires_at')\r",
"const expired = Date.now() > Number(expiresAt)\r",
"\r",
"// If the token is not expired, then we immediately throw the error that there is no token to revoke\r",
"if ( !accessToken || expired ) {\r",
" throw new Error('There is no active token')\r",
"}\r",
"*/\r",
"\r",
"const envConfig = pm.collectionVariables.get('config_json')\r",
"const config = JSON.parse(envConfig);\r",
"\r",
"// Set as env variables (these will be cleared after the call in post-script \"Tests\" phase)\r",
"pm.collectionVariables.set(\"jwt_client_id\", config.boxAppSettings.clientID);\r",
"pm.collectionVariables.set(\"jwt_client_secret\", config.boxAppSettings.clientSecret);"
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"id": "40777ec7-09b1-465c-92d6-c74d12706874",
"exec": [
"// (Optional) Clear the env variables as we don't need those after revoking the token\r",
"pm.collectionVariables.unset(\"jwt_client_id\");\r",
"pm.collectionVariables.unset(\"jwt_client_secret\");\r",
"pm.collectionVariables.unset(\"jwt_expires_at\");\r",
"pm.collectionVariables.unset(\"jwt_access_token\");"
],
"type": "text/javascript"
}
}
],
"id": "58c13e75-40e5-424a-9c69-8d76bc57021a",
"protocolProfileBehavior": {
"disableBodyPruning": true
},
"request": {
"auth": {
"type": "noauth"
},
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/x-www-form-urlencoded"
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "{{jwt_client_id}}",
"description": "The Client ID of the application requesting to revoke the\naccess token."
},
{
"key": "client_secret",
"value": "{{jwt_client_secret}}",
"description": "The client secret of the application requesting to revoke\nan access token."
},
{
"key": "token",
"value": "{{jwt_access_token}}",
"description": "The access token to revoke."
}
]
},
"url": "https://api.box.com/oauth2/revoke"
},
"response": [
{
"id": "9f762f94-9415-4b28-807a-7d4514496751",
"name": "[200] Returns an empty response when the token was successfully revoked.",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/x-www-form-urlencoded"
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "{{client_id}}",
"description": "The Client ID of the application requesting to revoke the\naccess token.",
"disabled": true
},
{
"key": "client_secret",
"value": "{{client_secret}}",
"description": "The client secret of the application requesting to revoke\nan access token.",
"disabled": true
},
{
"key": "token",
"value": "n22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW",
"description": "The access token to revoke.",
"disabled": true
}
]
},
"url": "https://{{api.box.com}}/oauth2/revoke",
"description": "Revoke an active Access Token, effectively logging a user out\n\nhttps://developer.box.com/reference/post-oauth2-revoke"
},
"status": "OK",
"code": 200,
"_postman_previewlanguage": "Text",
"header": [],
"cookie": [],
"responseTime": null,
"body": null
},
{
"id": "11bc2c49-a668-4948-9c94-f26facfbc58d",
"name": "[400] An authentication error.",
"originalRequest": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/x-www-form-urlencoded"
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "client_id",
"value": "{{client_id}}",
"description": "The Client ID of the application requesting to revoke the\naccess token.",
"disabled": true
},
{
"key": "client_secret",
"value": "{{client_secret}}",
"description": "The client secret of the application requesting to revoke\nan access token.",
"disabled": true
},
{
"key": "token",
"value": "n22JPxrh18m4Y0wIZPIqYZK7VRrsMTWW",
"description": "The access token to revoke.",
"disabled": true
}
]
},
"url": "https://{{api.box.com}}/oauth2/revoke",
"description": "Revoke an active Access Token, effectively logging a user out\n\nhttps://developer.box.com/reference/post-oauth2-revoke"
},
"status": "Bad Request",
"code": 400,
"_postman_previewlanguage": "Text",
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"cookie": [],
"responseTime": null,
"body": "{\n \"error\": \"invalid_client\",\n \"error_description\": \"The client credentials are not valid\"\n}"
}
]
}
],
"event": [
{
"listen": "prerequest",
"script": {
"id": "e1695fbd-4e7e-4a54-8b2b-e8d58d76ac14",
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"id": "85e25a27-aa72-4b6a-970c-f8ea08fa0672",
"type": "text/javascript",
"exec": [
""
]
}
}
],
"variable": [
{
"id": "99ec65a8-8847-469f-88bf-8c4fffd91f35",
"key": "config_json",
"value": "{\n \"boxAppSettings\": {\n \"clientID\": \"\",\n \"clientSecret\": \"\",\n \"appAuth\": {\n \"publicKeyID\": \"\",\n \"privateKey\": \"\",\n \"passphrase\": \"\"\n }\n },\n \"enterpriseID\": \"\"\n}",
"type": "string"
},
{
"id": "eacac0a2-c9b8-4321-88e0-406c97784b59",
"key": "jsrsasign_js",
"value": "/*\n * jsrsasign(all) 10.6.1 (2022-11-20) (c) 2010-2022 Kenji Urushima | kjur.github.io/jsrsasign/license\n */\n/*! CryptoJS v3.1.2 core-fix.js\n * code.google.com/p/crypto-js\n * (c) 2009-2013 by Jeff Mott. All rights reserved.\n * code.google.com/p/crypto-js/wiki/License\n * THIS IS FIX of 'core.js' to fix Hmac issue.\n * https://code.google.com/p/crypto-js/issues/detail?id=84\n * https://crypto-js.googlecode.com/svn-history/r667/branches/3.x/src/core.js\n */\nvar CryptoJS=CryptoJS||(function(e,g){var a={};var b=a.lib={};var j=b.Base=(function(){function n(){}return{extend:function(p){n.prototype=this;var o=new n();if(p){o.mixIn(p)}if(!o.hasOwnProperty(\"init\")){o.init=function(){o.$super.init.apply(this,arguments)}}o.init.prototype=o;o.$super=this;return o},create:function(){var o=this.extend();o.init.apply(o,arguments);return o},init:function(){},mixIn:function(p){for(var o in p){if(p.hasOwnProperty(o)){this[o]=p[o]}}if(p.hasOwnProperty(\"toString\")){this.toString=p.toString}},clone:function(){return this.init.prototype.extend(this)}}}());var l=b.WordArray=j.extend({init:function(o,n){o=this.words=o||[];if(n!=g){this.sigBytes=n}else{this.sigBytes=o.length*4}},toString:function(n){return(n||h).stringify(this)},concat:function(t){var q=this.words;var p=t.words;var n=this.sigBytes;var s=t.sigBytes;this.clamp();if(n%4){for(var r=0;r>>2]>>>(24-(r%4)*8))&255;q[(n+r)>>>2]|=o<<(24-((n+r)%4)*8)}}else{for(var r=0;r>>2]=p[r>>>2]}}this.sigBytes+=s;return this},clamp:function(){var o=this.words;var n=this.sigBytes;o[n>>>2]&=4294967295<<(32-(n%4)*8);o.length=e.ceil(n/4)},clone:function(){var n=j.clone.call(this);n.words=this.words.slice(0);return n},random:function(p){var o=[];for(var n=0;n
>>2]>>>(24-(n%4)*8))&255;q.push((s>>>4).toString(16));q.push((s&15).toString(16))}return q.join(\"\")},parse:function(p){var n=p.length;var q=[];for(var o=0;o >>2]>>>(24-(o%4)*8))&255;n.push(String.fromCharCode(s))}return n.join(\"\")},parse:function(p){var n=p.length;var q=[];for(var o=0;o >>0?1:0),b=b+c,j=j+u+(b>>>0 >>32-p[b],a=a+r|0,t=r,r=j,j=h<<10|h>>>22,h=g,g=a,a=u+e[v+q[b]]|0,a=16>b?a+((k^(l|~m))+d[0]):32>b?a+((k&m|l&~m)+d[1]):48>b?a+(((k|~l)^m)+d[2]):64>b?a+((k&l|~k&m)+d[3]):a+((k^l^m)+d[4]),a|=0,a=a< =0){var c=(g[--u]==b)?this.DM:Math.floor(g[u]*A+(g[u-1]+x)*z);if((g[u]+=d.am(0,c,g,s,0,p))>>2]&255}};f.BlockCipher=n.extend({cfg:n.cfg.extend({mode:m,padding:h}),reset:function(){n.reset.call(this);var a=this.cfg,b=a.iv,a=a.mode;if(this._xformMode==this._ENC_XFORM_MODE)var c=a.createEncryptor;else c=a.createDecryptor,this._minBufferSize=1;\nthis._mode=c.call(a,this,b&&b.words)},_doProcessBlock:function(a,b){this._mode.processBlock(a,b)},_doFinalize:function(){var a=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){a.pad(this._data,this.blockSize);var b=this._process(!0)}else b=this._process(!0),a.unpad(b);return b},blockSize:4});var p=f.CipherParams=k.extend({init:function(a){this.mixIn(a)},toString:function(a){return(a||this.formatter).stringify(this)}}),m=(g.format={}).OpenSSL={stringify:function(a){var b=a.ciphertext;a=a.salt;\nreturn(a?l.create([1398893684,1701076831]).concat(a).concat(b):b).toString(r)},parse:function(a){a=r.parse(a);var b=a.words;if(1398893684==b[0]&&1701076831==b[1]){var c=l.create(b.slice(2,4));b.splice(0,4);a.sigBytes-=16}return p.create({ciphertext:a,salt:c})}},j=f.SerializableCipher=k.extend({cfg:k.extend({format:m}),encrypt:function(a,b,c,d){d=this.cfg.extend(d);var e=a.createEncryptor(c,d);b=e.finalize(b);e=e.cfg;return p.create({ciphertext:b,key:c,iv:e.iv,algorithm:a,mode:e.mode,padding:e.padding,\nblockSize:a.blockSize,formatter:d.format})},decrypt:function(a,b,c,d){d=this.cfg.extend(d);b=this._parse(b,d.format);return a.createDecryptor(c,d).finalize(b.ciphertext)},_parse:function(a,b){return\"string\"==typeof a?b.parse(a,this):a}}),g=(g.kdf={}).OpenSSL={execute:function(a,b,c,d){d||(d=l.random(8));a=v.create({keySize:b+c}).compute(a,d);c=l.create(a.words.slice(b),4*c);a.sigBytes=4*b;return p.create({key:a,iv:c,salt:d})}},s=f.PasswordBasedCipher=j.extend({cfg:j.cfg.extend({kdf:g}),encrypt:function(a,\nb,c,d){d=this.cfg.extend(d);c=d.kdf.execute(c,a.keySize,a.ivSize);d.iv=c.iv;a=j.encrypt.call(this,a,b,c.key,d);a.mixIn(c);return a},decrypt:function(a,b,c,d){d=this.cfg.extend(d);b=this._parse(b,d.format);c=d.kdf.execute(c,a.keySize,a.ivSize,b.salt);d.iv=c.iv;return j.decrypt.call(this,a,b,c.key,d)}})}();\n/*\nCryptoJS v3.1.2 aes.js\ncode.google.com/p/crypto-js\n(c) 2009-2013 by Jeff Mott. All rights reserved.\ncode.google.com/p/crypto-js/wiki/License\n*/\n(function(){for(var q=CryptoJS,x=q.lib.BlockCipher,r=q.algo,j=[],y=[],z=[],A=[],B=[],C=[],s=[],u=[],v=[],w=[],g=[],k=0;256>k;k++)g[k]=128>k?k<<1:k<<1^283;for(var n=0,l=0,k=0;256>k;k++){var f=l^l<<1^l<<2^l<<3^l<<4,f=f>>>8^f&255^99;j[n]=f;y[f]=n;var t=g[n],D=g[t],E=g[D],b=257*g[f]^16843008*f;z[n]=b<<24|b>>>8;A[n]=b<<16|b>>>16;B[n]=b<<8|b>>>24;C[n]=b;b=16843009*E^65537*D^257*t^16843008*n;s[f]=b<<24|b>>>8;u[f]=b<<16|b>>>16;v[f]=b<<8|b>>>24;w[f]=b;n?(n=t^g[g[g[E^t]]],l^=g[g[l]]):n=l=1}var F=[0,1,2,4,8,\n16,32,64,128,27,54],r=r.AES=x.extend({_doReset:function(){for(var c=this._key,e=c.words,a=c.sigBytes/4,c=4*((this._nRounds=a+6)+1),b=this._keySchedule=[],h=0;h