picBox Documentation

API :: Authenticating

< Back

The picBox API uses a pseudo-oauth mechanism: there are no refresh tokens and tokens never expire. Tokens can be revoked from the user's account page.

In order for your application to receive a token, you must first open the pauth authorization page in the client's browser. The URL for this page is:


To acquire a client_id, contact us using the following email address: us at this domain.

When the client accepts the authorization request, they will be provided a PIN. The client will copy this PIN and paste it into your application.

To finally acquire a token, you must request one from the API endpoint:


This endpoint will return a JSON response similar to this:

    success: true,
    token: "Tq(7Aes_9z%-^()H!7k_r/rsm",
    username: "picBox"

The token returned is used to authenticate when utilizing various functions of the API.