picBox Documentation

API :: Authenticating

< Back


The picBox API uses a pseudo-oauth mechanism: there are no refresh tokens and tokens never expire. Tokens can be revoked from the user's account page.

In order for your application to receive a token, you must first open the pauth authorization page in the client's browser. The URL for this page is:

https://picbox.us/pauth?client_id=your_application_id

To acquire a client_id, contact us using the following email address: us at this domain.

When the client accepts the authorization request, they will be provided a PIN. The client will copy this PIN and paste it into your application.

To finally acquire a token, you must request one from the API endpoint:

https://picbox.us/api/pauth_req_token?client_id=your_application_id&client_secret=your_application_secret&pin=user_provided_pin

This endpoint will return a JSON response similar to this: 

{
    success: true,
    token: "Tq(7Aes_9z%-^()H!7k_r/rsm",
    username: "picBox"
}

The token returned is used to authenticate when utilizing various functions of the API.

Copyright © 2012-2019 Written by Kevin Smith, Justin Hendryx and Zach Ripka - QC and Security by Sean Rice | Terms of Service |