I'm trying to do some initial testing in my local environment with box.com api. I've registered the api key and I'd like to put a localhost url in redirect uri form field but it seems like it only allows https (which I don't have in localhost). Message returned:
OAuth2 redirect URL must specify a valid URL and must not be http://
The requirement for the https is a good thing. While you are still in dev it would still be an active auth token transmitted in plain text if sent to http:// which someone could grab and use to mess with your box.net account.
You are going to need to generate a self signed certificate and install that locally to allow for this to work.
How can I create a self-signed cert for localhost?
Another option to further enhance this would be to actually buy the SSL that you are going to need for this project when it goes live and use a local dns redirect via your hosts file to load the domain off your local dev machine as opposed to the live server.