One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
TC888
3 years agoExplorer | Level 3
Able to download non shared files using API
I need to build a simple tool for downloading shared files that can run as a cron job, so I'm learning the API and Java SDK. In my tinkering, I've encountered some behavior that I don't understand. I created an account using my work email, then created an app with that account and genreated a token. Then, in a different browser, I created another account using my personal email and put a couple test files there. Using the Java SDK and the access token I generated from my work account, I was able to download files from my personal account that were not shared. There was nothing in my code that would identify me as the owner of that account, so I don't see how that should be possible. Is this a bug? Was it able to identify me by my IP? Is the link generated by "copy link" usable by anyone without authentication? Just trying to get my head around this.
- ЗдравкоLegendary | Level 20
TC888 wrote:... Is this a bug? ...
Hi TC888,
If you can access non shared file in such a way that for sure would be a bug. Is the file non shared really? 🤔 Taking in account following:
TC888 wrote:... Is the link generated by "copy link" usable by anyone without authentication? ...
Most probably you are talking here for a shared link. If so, Yes - that's the idea of shared link - providing access to particular resource (file/folder) without account authentication. 😉 Clarify to yourself what actually you are doing! Shared link associated resource can be downloaded with App Authentication, without account authentication.
Hope this helps.
- Greg-DB
Dropbox Staff
TC888 It seems like Здравко has figured this out. It sounds like the link you are referring to is a "shared link", which can be accessed by other accounts by default. This is a sharing feature that allows one user to share files or folders with other users just via that link.
Here are some guides that may be helpful:
- TC888Explorer | Level 3
Ok, that makes sense. Thanks for the help.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 11 hours ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!