Forum Discussion

Josh-IP's avatar
Josh-IP
Explorer | Level 3
3 years ago

Correct Auth Method for My App?

I work at a screen printing company, and we are building a design library app to display our designs to users. The images of the designs are stored in our Dropbox account. I have already set up my Dropbox app from the App Console and have successfully retrieved some image links using the API. However, the next day, the same requests returned an expired access token error.

 

I am aware that Dropbox is transitioning/has transitioned to using short-lived access tokens instead of the long-lived ones. I have found support threads discussing this, but they all direct to the OAuth guide, which seems geared toward apps that use the API to allow other users to interact with their own Dropbox accounts.

 

Because the app we're building ONLY needs access to our own account, I'm unsure of the correct way to handle auth. It seems like permanent access tokens aren't available anymore, but since a user visiting our design library will not have our credentials, sending them to a sign-in screen for OAuth won't work either. What is the correct way to handle auth for this app?

 

Thanks for your time.

API

2 Replies

  • DB-Des's avatar
    DB-Des
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    3 years ago

    Hi there,

     

    Apps can get long-term access by requesting "offline" access, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

     

    Hope this helps!

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    3 years ago

    It's also worth noting that whether or not the app is only for use with your own account, using the OAuth app authorization flow is the right way to get long-term access, by retrieving a refresh token. If it's only for your own account, you would just need to process that once yourself.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!