We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
Solved
Access Token for Dropbox Business App
I'm going to develop an applcation for Dropbox for Business team. E.g. this will be a desktop application that searching content across all accounts in organization.
And I slightly confused about OAuth section parameters when creating the application.
As far as I understood, I have two options:
1. Get Access Token progammatically via "Redirect URI" when first app starting
2. Get Access Token by clicking "Generate" button (in dev console when app creating)
Eventually, I need to securelly store this Access Token and use it to connect to Dropbox team and team members.
What is options preferrable and more secure in my case (1 or 2) ? Please advise.
Yes, for "Dropbox Business API" apps, the access tokens enable access to the entire team (and in particular, Dropbox Business API apps with the "team member file access" permission can operate on specific members, using DropboxTeamClient.AsMember).
For "Dropbox API" apps, the access tokens enable access only to the individual account.
This works the same way regardless of how the access token was retrieved (i.e., OAuth flow vs. "Generate" button).
6 Replies
- Greg-DB
Dropbox Community Moderator
The second option you mention, getting an access token by clicking the "Generate" button on the app's page, is only for getting an access token for your own account (i.e., the owner of the app).
If you need to allow abritrary end-users to connect their own Dropbox accounts to your app, you'll need to implement the OAuth app authorization flow. (That's the first option you mentioned, though redirect URIs aren't always required.)
I recommend reading the OAuth guide for more information. You can find the Dropbox OAuth documentation here.
Thank you for quick answer.
But, it looks like the Access token that was generated by clicking "Generate" button give me access also to all Dropbox accounts in the team.
At least, DropboxTeamClient.AsMember method allows me to perform user's endpoints methods.
- Greg-DB
Yes, for "Dropbox Business API" apps, the access tokens enable access to the entire team (and in particular, Dropbox Business API apps with the "team member file access" permission can operate on specific members, using DropboxTeamClient.AsMember).
For "Dropbox API" apps, the access tokens enable access only to the individual account.
This works the same way regardless of how the access token was retrieved (i.e., OAuth flow vs. "Generate" button).
In other words, are there no differences in ways how Access token for Dropbox Businness API App was received (OAuth flow or "Generate" button) from the viewpoint of security and common production approaches?
- Greg-DB
That's correct.
Again though, note that the "Generate" button can only be used to get an access token for your own account/team. If you are building your app for use by other teams, you do need to implement the OAuth flow in your app. Also, you should never share your own access token with others.
Got it, thank you !
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
