AlemoDaniel
Helpful | Level 6
8 years ago
Solved

Getting separate Access Tokens for each Team Member in Business API

  1. Is it possible to get a separate access token for each team member in the Business API?
  2. Can the team members authenticate themselves to enable an app to access team-shared folders? (Maybe when a team admin has authenticated the app already or not)
  3. How do I properly get the correct user ID (for the select_user param), preventing them from accessing other members' private folders but allowing access to their own?

3 Replies

  • Greg-DB
    Dropbox Community Moderator
    8 years ago

    1. No, the API doesn't offer a way to get separate member-specific access tokens for a Dropbox Business API app, but I'll pass this along as a feature request.

    2. If the app is registered for the "Dropbox API" with the "Full Dropbox" permission, it can be authorized by any user (whether on a team or not, and whether a team admin or not) and the app will be able to access anything that user can access (e.g., including team content that they have access to.)

    If the app is registered for the "Dropbox Business API" with the "Team member file access" permission, it can only be authorized by a team admin and the app will be able to access any team content. Non-admin members cannot authorize Business API apps.

    3. Dropbox Business API apps can list all team members using /2/team/members/list[/continue], or look up specific members, e.g., via email address, using /2/team/members/get_info. In either case, the returned TeamMemberInfo will contain the team_member_id that you can use with the 'Dropbox-API-Select-User' header.

    Note that the access token for a "Dropbox Business API" app with the "Team member file access" permission can access any team content, so it should not be exposed to non-admin members, and you should implement the logic in your app to only allow access to team content to non-members via your app itself to the extent intended as necessary.
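
The lookup and header described in point 3, combined with the note about keeping the team token server-side, as an added example that is not part of the original reply or Dropbox's own code. The `send` transport, the placeholder token and the sample member data are assumptions constructed for illustration; the response shape follows the list of `member_info` / `id_not_found` items that /2/team/members/get_info returns.

```python
import json

API = "https://api.dropboxapi.com/2"

def get_info_request(team_token, email):
    """Build the /2/team/members/get_info call that looks one member up by email."""
    return {
        "url": f"{API}/team/members/get_info",
        "headers": {"Authorization": f"Bearer {team_token}",
                    "Content-Type": "application/json"},
        "body": json.dumps({"members": [{".tag": "email", "email": email}]}),
    }

def team_member_id_from(items):
    """Return team_member_id from the get_info result list, or None if no match."""
    if not items or items[0].get(".tag") != "member_info":
        return None  # e.g. an "id_not_found" entry
    return items[0]["profile"]["team_member_id"]

def member_scoped_headers(team_token, session_email, send):
    """Headers for a user-endpoint call made on behalf of the signed-in member.

    session_email must come from the app's own authenticated session, never from
    a request parameter, so a member cannot pick someone else's team_member_id.
    send is a hypothetical transport: request dict in, parsed JSON out.
    """
    member_id = team_member_id_from(send(get_info_request(team_token, session_email)))
    if member_id is None:
        raise PermissionError(f"{session_email} is not a member of this team")
    return {"Authorization": f"Bearer {team_token}",
            "Dropbox-API-Select-User": member_id}

# Constructed stand-in for the Dropbox response, so the example runs offline.
SAMPLE_TEAM = {"ana@example.com": "dbmid:CONSTRUCTED-ana"}

def fake_send(request):
    email = json.loads(request["body"])["members"][0]["email"]
    if email in SAMPLE_TEAM:
        return [{".tag": "member_info",
                 "profile": {"email": email, "team_member_id": SAMPLE_TEAM[email]}}]
    return [{".tag": "id_not_found", "id_not_found": email}]

if __name__ == "__main__":
    print(member_scoped_headers("TEAM_TOKEN_PLACEHOLDER", "ana@example.com", fake_send))
```

The returned headers are meant to be used only inside the backend; the browser or client app receives the results of the Dropbox call, not the headers.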

  • AlemoDaniel
    Helpful | Level 6
    8 years ago

    Thank you for your answer.

     

    Regarding question 2: As it appears to me in the namespace guide (https://www.dropbox.com/developers/reference/namespace-guide), I need to use two API requests to fetch a team user's root directory:

    1. Get root Namespace id via users/get_current_account
    2. Get folder list via files/list_folder using the root namespace id

    Is there a way to get the root folder directly without having to supply a namespace id?

  • Greg-DB
    Dropbox Community Moderator
    8 years ago
    No, there isn't a way to do this in one call. You need to supply the root ID.

    This is in order to prevent calls in unexpected namespaces, e.g., in case the user changes teams:

    "The intent of the root mode is to guarantee the namespace_id specified as the root is indeed the root for that user. The namespace ID for a user's "root" can change if the user joins/leaves/changes teams. This mode will test whether the namespace ID passed in as the root is the correct root namespace for the user. If this value does not match the user's root_namespace_id, a 422 error will be returned."

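The two-call flow discussed above, with the 422 case handled by re-fetching the root namespace ID, as an added example that is not part of the original thread or Dropbox's own code. The `call` transport and the namespace IDs are assumptions constructed for illustration; `Dropbox-API-Path-Root` is the header Dropbox's HTTP API uses to carry the root mode, and it is not named in the thread itself.

```python
import json

def path_root_header(root_namespace_id):
    """Value for Dropbox-API-Path-Root in "root" mode."""
    return json.dumps({".tag": "root", "root": root_namespace_id})

def list_team_root(call, cached_root_id=None):
    """List the member's root folder, refreshing a stale root namespace ID once.

    call(endpoint, body, headers) -> (http_status, parsed_json) is a hypothetical
    transport that adds the Authorization header and posts to the API.
    Returns (root_namespace_id_used, list_folder_result); statuses other than
    422 are handed back to the caller unchanged.
    """
    for _ in range(2):
        if cached_root_id is None:
            # Call 1: ask Dropbox which namespace is this user's root right now.
            _, account = call("users/get_current_account", None, {})
            cached_root_id = account["root_info"]["root_namespace_id"]
        # Call 2: list the root, asserting which namespace we believe it is.
        status, result = call("files/list_folder", {"path": ""},
                              {"Dropbox-API-Path-Root": path_root_header(cached_root_id)})
        if status != 422:
            return cached_root_id, result
        cached_root_id = None  # root changed (user joined/left a team): re-fetch
    raise RuntimeError("root namespace ID rejected twice")

# Constructed stand-in for the API: the user's root is now namespace "2000".
CURRENT_ROOT = "2000"

def fake_call(endpoint, body, headers):
    if endpoint == "users/get_current_account":
        return 200, {"root_info": {"root_namespace_id": CURRENT_ROOT}}
    asserted = json.loads(headers["Dropbox-API-Path-Root"])["root"]
    if asserted != CURRENT_ROOT:
        return 422, {"error_summary": "constructed: root mismatch"}
    return 200, {"entries": [{".tag": "folder", "name": "Team Folder"}]}

if __name__ == "__main__":
    # A cached ID from before the user changed teams is rejected, then refreshed.
    print(list_team_root(fake_call, cached_root_id="1000"))
```

Caching the root namespace ID saves the first call on most requests; the 422 is what makes that cache safe to keep across team changes.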