Forum Discussion

slingxshot's avatar
slingxshot
Explorer | Level 3
8 years ago

Auth Token Question

Hello, 

 

I am using JavaScript API from dropbox. Is there a way to generate a temp token, so it expires after its used once? 

 

I find a permanent token is risky, anyone can just upload anything to my account.

 

Thanks!

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    No, the Dropbox API doesn't automatically expiring tokens, but I'll be sure to pass this along as a feature request. You can revoke any token on demand though, using authTokenRevoke.

     

    Also, note that the API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. We don't recommend doing so, for various technical and security reasons, such as what you mentioned.

    • slingxshot's avatar
      slingxshot
      Explorer | Level 3

      So it sounds like I will need to do this server side like PHP or Java to hide the token, etc?

       

      Thanks

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff
        Yes, that would be the only safe way to do it.