I am developing a desktop app which will interact with box enterprise account.

For the first time when my app will try to access Admin enterprise account it will be redirected to box page . Box finally redirects user to my redirected URL after accepting Admin user credentials. This redirected URL will have a authorization code. which is used to get access and refresh token.

My question is that can i save this authorization code for future use. ??

Say after one month my app again wants to access Admin enterprise account then Do i again need to go through the above steps of getting the auth code.??

Alok, yes, you can save the access and refresh tokens for future use. Some things to note:

• The access token must be included via an Authorization header on every request to the API.
• An access token expires after 1 hour. You can use the refresh token to request a new access/refresh token pair.
• A refresh token expires after 14 60 days. If your application needs to perform a monthly process less frequently than that, you'll need to create a scheduled task or chron job to refresh the access/refresh token pair in the interim. With this task/job in place you can refresh the tokens indefinitely.
• If both the access and refresh tokens have expired, the user must manually authenticate your application again.