Forum Discussion

RGDev's avatar
RGDev
Explorer | Level 3
6 years ago
Solved

Access Token for Dropbox Business App

I'm going to develop an applcation for Dropbox for Business team. E.g. this will be a desktop application that searching content across all accounts in organization.

And I slightly confused about OAuth  section parameters when creating the application.

As far as I understood, I have two options:

1. Get Access Token progammatically via "Redirect URI" when first app starting

2. Get Access Token by clicking "Generate" button (in dev console when app creating)

Eventually, I need to securelly store this Access Token and use it to connect to Dropbox team and team members.

What is options preferrable and more secure in my case (1 or 2) ? Please advise.

  • Yes, for "Dropbox Business API" apps, the access tokens enable access to the entire team (and in particular, Dropbox Business API apps with the "team member file access" permission can operate on specific members, using DropboxTeamClient.AsMember). 

    For "Dropbox API" apps, the access tokens enable access only to the individual account.

    This works the same way regardless of how the access token was retrieved (i.e., OAuth flow vs. "Generate" button).

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    The second option you mention, getting an access token by clicking the "Generate" button on the app's page, is only for getting an access token for your own account (i.e., the owner of the app).

    If you need to allow abritrary end-users to connect their own Dropbox accounts to your app, you'll need to implement the OAuth app authorization flow. (That's the first option you mentioned, though redirect URIs aren't always required.)

    I recommend reading the OAuth guide for more information. You can find the Dropbox OAuth documentation here.

    • RGDev's avatar
      RGDev
      Explorer | Level 3

      Thank you for quick answer.

      But, it looks like the Access token that was generated by clicking "Generate" button give me access also to all Dropbox accounts in the team.

      At least, DropboxTeamClient.AsMember method allows me to perform user's endpoints methods.

       

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Yes, for "Dropbox Business API" apps, the access tokens enable access to the entire team (and in particular, Dropbox Business API apps with the "team member file access" permission can operate on specific members, using DropboxTeamClient.AsMember). 

        For "Dropbox API" apps, the access tokens enable access only to the individual account.

        This works the same way regardless of how the access token was retrieved (i.e., OAuth flow vs. "Generate" button).

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 14 hours ago
352 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!