ralph86
9 years ago, Explorer | Level 3
API v2 access token validity
Hi,
We're upgrading from v1 to v2 and the new oauth2 is still not clear to me.
On the API documentation pages it says that the code authorization flow gives you the access token (after you used the given code) and a refresh token is also mentioned? That implies that the access code now has an expiration date? I hope not.
I thought that the access tokens (for use as authorization bearer) were valid until revoked by user?
So what are the refresh tokens for, or are they optional? Can we just use the access tokens and use that until our customer revokes access? If not, how do the refresh tokens work? Please give some PHP / cURL examples if the refresh tokens are required.
Thank you in advance!
- Greg-DB, 9 years ago
Dropbox Community Moderator
The Dropbox API OAuth 2 implementation does not use refresh tokens. (Can you link to the part of the documentation that was confusing? We can look into clarifying it.)
Dropbox API OAuth 2 access tokens don't expire, but can be revoked at any time by the user or app.
Note that "authorization codes" are different, and do expire after a few minutes. They should only be used immediately once to get an access token.
- ralph86, 9 years ago, Explorer | Level 3
Thanks, clear!
I don't know where the specific page is located (I just browsed the docs).
Another thing that isn't clear to me yet is the authorization page, the link differs in the doc. This page says:
https://www.dropbox.com/1/oauth2/authorize?
Page: https://www.dropbox.com/developers/reference/oauth-guide
While this page says:
https://www.dropbox.com/oauth2/authorize
Page: https://www.dropbox.com/developers/documentation/http/documentation
What's the difference?
Thanks again!
- Greg-DB, 9 years ago
Dropbox Community Moderator
Those two are effectively the same. The first one was built with API v1, but we added another route without that part of the URL since it can be used for both API v1 and API v2. You should use the second one, without the /1/.
- ralph86, 9 years ago, Explorer | Level 3
Clear, thanks.
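The code flow discussed in this thread, as an added PHP/cURL example that is not part of the original posts and is not Dropbox's own code: it builds the `/oauth2/authorize` link without the `/1/`, accepts the returned authorization code only when the `state` value matches, and exchanges the code once for an access token. The app key, app secret and redirect URI are placeholders; the token endpoint `https://api.dropboxapi.com/oauth2/token` and the request parameter names are not given in the thread and are taken here as assumptions about Dropbox's HTTP API.

```php
<?php
// Added example, not Dropbox's code. The three constants below are placeholders.
const APP_KEY      = 'YOUR_APP_KEY';
const APP_SECRET   = 'YOUR_APP_SECRET';
const REDIRECT_URI = 'https://example.com/dropbox/callback';

// Step 1: send the user to the authorize route without the /1/ prefix.
function build_authorize_url(string $state): string
{
    return 'https://www.dropbox.com/oauth2/authorize?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => APP_KEY,
        'redirect_uri'  => REDIRECT_URI,
        'state'         => $state,   // anti-CSRF value, checked when the user returns
    ]);
}

// Step 2: on the redirect back, accept the code only if state matches the session value.
function code_from_callback(array $query, string $expectedState): ?string
{
    $state = $query['state'] ?? '';
    $code  = $query['code'] ?? null;
    $ok = $expectedState !== '' && is_string($state) && is_string($code) && hash_equals($expectedState, $state);
    return $ok ? $code : null;
}

// Step 3: exchange the code once, immediately; it expires after a few minutes.
function exchange_code(string $code): string
{
    $ch = curl_init('https://api.dropboxapi.com/oauth2/token');   // assumed endpoint
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query(['code' => $code, 'grant_type' => 'authorization_code', 'redirect_uri' => REDIRECT_URI]),
        CURLOPT_USERPWD        => APP_KEY . ':' . APP_SECRET,     // app credentials via HTTP Basic auth
        CURLOPT_RETURNTRANSFER => true,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $json   = is_string($body) ? json_decode($body, true) : null;
    if ($status !== 200 || !isset($json['access_token'])) {
        throw new RuntimeException('Token exchange failed');
    }
    return $json['access_token'];   // keep server-side; send as "Authorization: Bearer <token>"
}

// Offline demo with a constructed callback query; no network call is made here.
$state = bin2hex(random_bytes(16));
echo build_authorize_url($state), "\n";
var_dump(code_from_callback(['code' => 'CONSTRUCTED_CODE', 'state' => $state], $state), code_from_callback(['code' => 'CONSTRUCTED_CODE', 'state' => 'forged'], $state));
```

In a real handler the `state` value would be stored in the user's session before the redirect and read back from it in the callback, and `exchange_code()` would be called with the value returned by `code_from_callback()`.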