One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
StormDragon_64
4 years agoExplorer | Level 3
DropboxResponseError: Response failed with a 400 code
I was testing my (on replit) website that uses dropbox for downloads. The website works fine, but when I click the download button, nothing downloads and this appears in the logs:
(BTW this is bash)
DropboxResponseError: Response failed with a 400 code
at /home/runner/Chocolate-Syrup-picker/src/node_modules/dropbox/cjs/src/response.js:34:11
at processTicksAndRejections (internal/process/task_queues.js:95:5) {
status: 400,
headers: Headers {
[Symbol(map)]: [Object: null prototype] {
'cache-control': [Array],
'content-security-policy': [Array],
'x-content-type-options': [Array],
'content-type': [Array],
'accept-encoding': [Array],
date: [Array],
server: [Array],
'content-length': [Array],
'strict-transport-security': [Array],
'x-robots-tag': [Array],
'x-dropbox-response-origin': [Array],
'x-dropbox-request-id': [Array],
connection: [Array]
}
},
error: 'Error in call to API function "files/upload": The given OAuth 2 access token is malformed.'
}
- Greg-DB
Dropbox Staff
I see that you're getting the error "The given OAuth 2 access token is malformed". This error message should indicate that the access token being provided by the client (generally supplied as a "Bearer" value in the "Authorization" header of the HTTPS request sent by the third party app) is not of a valid Dropbox access token format. When sending the access token, the app needs to send the entire and exact access token unmodified, as it was originally supplied by Dropbox.
Note that Dropbox currently has two types of access tokens: long-lived and short-lived. Long-lived access tokens should be 64 characters long total, while short-lived access tokens start with "sl." and will have more than 64 characters.
I'm not aware of any issues that should currently be causing this error to be returned incorrectly. I also just tried both types of access tokens and they are working correctly for me.
Please check that your app has a full valid access token string loaded, and that it is sending the access token without modifying it. For instance, make sure that there are not stray characters or whitespace added to the access token.
For example, with the Dropbox JavaScript SDK, you supply the access token in the the 'Dropbox' constructor.
- StormDragon_64Explorer | Level 3
Does that look good? Also should I be storing the file in the src folder or somewhere else?
(Also the capital A's were there when dropbox gave me the new token, I think I was just lucky)- Greg-DB
Dropbox Staff
That looks like a valid long-lived access token. Can you double check that this is the exact string being used? Can you share the rest of the relevant code where this is used for reference?
By the way, note that access tokens enable access to Dropbox accounts, so for the sake of security, you should never share access tokens like this. I've redacted it from your post, but since this access token has been shared here, you should disable this access token. You can do so by revoking access to the app entirely, if the access token is for your account, here:
https://www.dropbox.com/account/connected_apps
Or, you can disable just this access token using the API:
https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke
Note that doing so will cause any further API calls made using this access token to fail. This cannot be undone, and you would need to get a new access token to replace this one.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,941 PostsLatest Activity: 2 days ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!