{"id":1953,"library":"boxsdk","title":"Box Python SDK","description":"The `boxsdk` is the official Python SDK for integrating with the Box Content Cloud. The latest major versions (v10.x.x and above) are built entirely on an auto-generated package, `box_sdk_gen`, providing comprehensive API support and rapid updates. It supports Python 3.8 and above, with a release cadence of minor or patch releases every 2-3 months.","status":"active","version":"10.6.0","language":"en","source_language":"en","source_url":"https://github.com/box/box-python-sdk.git","tags":["box","cloud storage","api client","file management","authentication"],"install":[{"cmd":"pip install boxsdk>=10","lang":"bash","label":"Standard Installation"},{"cmd":"pip install \"boxsdk[jwt]>=10\"","lang":"bash","label":"With JWT Authentication Dependencies"}],"dependencies":[{"reason":"Required for JWT authentication, and included with the `jwt` extra.","package":"pyjwt>=1.7.0","optional":true},{"reason":"Required for JWT authentication; FIPS-compliant OpenSSL setup may be needed.","package":"cryptography","optional":true}],"imports":[{"note":"As of v10, the SDK uses `box_sdk_gen` exclusively. Direct imports from `boxsdk` for client and auth classes are deprecated for new codebases or migrations to v10.","wrong":"from boxsdk import Client, OAuth2","symbol":"BoxClient, BoxDeveloperTokenAuth","correct":"from box_sdk_gen import BoxClient, BoxDeveloperTokenAuth"}],"quickstart":{"code":"import os\nfrom box_sdk_gen import BoxClient, BoxDeveloperTokenAuth\n\n# Get your Developer Token from the Box Developer Console for testing.\n# It's recommended to use environment variables for sensitive information.\nDEVELOPER_TOKEN = os.environ.get('BOX_DEVELOPER_TOKEN', 'YOUR_DEVELOPER_TOKEN')\n\ndef get_root_folder_items(token: str):\n    if not token or token == 'YOUR_DEVELOPER_TOKEN':\n        print(\"Please set the 'BOX_DEVELOPER_TOKEN' environment variable or replace 'YOUR_DEVELOPER_TOKEN' in the script.\")\n        return\n\n    try:\n        auth: BoxDeveloperTokenAuth = BoxDeveloperTokenAuth(token=token)\n        client: BoxClient = BoxClient(auth=auth)\n\n        # Get items in the root folder (folder ID '0')\n        print(\"\\nItems in your Box root folder:\")\n        for item in client.folders.get_folder_items('0').entries:\n            print(f\"- {item.name} ({item.type.value})\")\n\n    except Exception as e:\n        print(f\"An error occurred: {e}\")\n\nif __name__ == '__main__':\n    get_root_folder_items(DEVELOPER_TOKEN)","lang":"python","description":"This quickstart demonstrates how to authenticate with a Developer Token and list the items in your Box root folder using the v10+ SDK's `box_sdk_gen` package. Ensure you replace 'YOUR_DEVELOPER_TOKEN' with an actual token or set the `BOX_DEVELOPER_TOKEN` environment variable."},"warnings":[{"fix":"Migrate your codebase to use imports and classes from the `box_sdk_gen` package. Consult the official migration guides for detailed steps.","message":"Version 10.0.0 of `boxsdk` entirely replaces the old, manually maintained `boxsdk` package with the auto-generated `box_sdk_gen`. This introduces a new interface for all methods and requires changes to import paths (e.g., `from box_sdk_gen import ...` instead of `from boxsdk import ...`) and potentially client/auth object instantiation.","severity":"breaking","affected_versions":">=10.0.0"},{"fix":"Upgrade to Box core SDK v10.x.x (recommended for new applications) or v4.x.x (for existing `boxsdk` users to access generated features while gradually migrating).","message":"Box Next Generation SDKs, which were developed in parallel, are deprecated as of September 17, 2025. While existing code will continue to function, these separate artifacts will no longer receive new features, updates, or bug fixes. Their functionalities are now integrated into the consolidated Box core SDKs (v4.x.y and v10.x.y).","severity":"deprecated","affected_versions":"All versions of Box Next Generation SDKs as separate artifacts"},{"fix":"Carefully review the Box Developer Console application settings and ensure they align with the chosen authentication method (OAuth 2.0, JWT, Client Credentials Grant, Developer Token). Verify client IDs, secrets, public/private keys, and ensure the application has the necessary permissions and administrator approval for your enterprise.","message":"Common authentication issues (e.g., 'Access denied - insufficient permission', 'No \"refresh_token\" parameter found', 'The \"box_subject_type\" value is unauthorized') often stem from misconfiguration in the Box Developer Console or not meeting prerequisites for specific authentication methods (e.g., administrator approval for Client Credentials Grant).","severity":"gotcha","affected_versions":"All versions"},{"fix":"Refer to Box's FIPS 140-2 compliance documentation. This typically involves building a custom Python distribution with OpenSSL 3.0 and ensuring `cryptography` is installed correctly against it.","message":"Achieving FIPS 140-2 compliance when using the SDK, especially with JWT, requires specific setup. Python's default distributions often link against OpenSSL v1.1.1 (not FIPS compliant). You must ensure Python uses a custom SSL library (like OpenSSL 3.0) and that the `cryptography` library (a JWT dependency) is also installed with a FIPS-compliant OpenSSL version.","severity":"gotcha","affected_versions":"All versions using FIPS-enabled environments"},{"fix":"Pin your project's `boxsdk` dependency to at least the major version (`boxsdk~=10.0` or `boxsdk==10.*`) to avoid unexpected breaking changes from minor version increments. Review changelogs for minor updates.","message":"Box SDK uses a modified Semantic Versioning. While `PATCH` releases are generally safe, `MINOR` versions can introduce small breaking changes, primarily to function signatures. `MAJOR` versions denote significant, potentially extensive breaking changes.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}