Learn how to make the most out of the Dropbox Community here 💙. 

Forum Discussion

cjt_au's avatar
cjt_au
New member | Level 2
4 years ago

Can getting an access token be simplified for the clients using my API app solution?

I have a client wanting to link DropBox to FileMaker Pro. I have created the APIs to read, write, delete and grab a shared link, which is all the client wants. But here's the thing: A client has looked at the process of establishing a connection to DropBox using my API authentication script and noticed the numerous obstacles needed to grab an access token before finally allowing access to the DropBox files. We have to login using username and password (fair enough). But then we must solve a puzzle (three times) to prove we are human, followed by clicking on two OK buttons to confirm that the API app created in DropBox can connect to the DropBox files, copy the authorization code, and paste it into the app, and finally the client gets to see the "You are authenticated!". What a mess, and here we are in the 21st century trying to make life easier for the client.

 

Is there any way we can simplify this authentication process? For example, the APIs for connecting to MYOB does not constantly ask whether the app can connect to Dropbox every time we authenticate. It was already established at time of setting up the app.

 

Is there something similar in DropBox?

 

In the meantime I am going to remove the window showing the app has been finally authenticated to a simple message in the UI so the client can straight away work with the files.

 

API
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    4 years ago

    While there isn't a way to simplify the authentication, captcha, and authorization process (though the captcha isn't always shown), this process only needs to be done once per user. After that, the app can store and re-use the resulting credentials without reprocessing that flow.

     

    In order to maintain long-term access to an account via the API without having to manually re-authorize the app repeatedly, the app should have the user process the OAuth app authorization process once, but request "offline" access when doing so.

    When requesting offline access, the app will receive a "refresh token". The app can store and re-use that refresh token repeatedly in order to retrieve new short-lived access tokens, whenever needed. This process of using a refresh token to get a new short-lived access token can be done entirely programmatically, and does not require manual user interaction. Refresh tokens don't expire (though they can be revoked on demand).

     

    You can find more information on this process in the OAuth Guide and authorization documentation. If you're using an SDK, be sure to refer to the respective SDK documentation as well.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,969 PostsLatest Activity: 16 minutes ago
365 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!