We Want to Hear From You! What Do You Want to See on the Community? Tell us here!
Forum Discussion
Solved
How can I authenticate mobile app to upload to my business dropbox folder
I'm developing android app that needs to let any user to upload to my business specific folder. Shell I save ACCESS_TOKEN in their app or use API Key/Secret.
I'm really confused, because I see the ACCESS_TOKEN will allow them to access my whole dropbox account which is wrong for me, I need them just access specific folder.
Please help.
It sounds like you want all of the users of your app to connect to your own Dropbox account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your account and app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/connected_apps .)
For reference, any access token will enable access to the extent allowed by the permission for your app. For example, if your app is registered for the full Dropbox permission, it will allow access to the entire Dropbox. The app folder permission would only allow access to the app folder. You can find more information on the different permissions here:
https://www.dropbox.com/developers/reference/developer-guide#app-permissions
The app folder permission would be closer to what you want, but note that it's not safe to expose an access token like this. A malicious use could use it and access anything else in the folder, for example.
1 Reply
- Greg-DB
Dropbox Community Moderator
It sounds like you want all of the users of your app to connect to your own Dropbox account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your account and app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/connected_apps .)
For reference, any access token will enable access to the extent allowed by the permission for your app. For example, if your app is registered for the full Dropbox permission, it will allow access to the entire Dropbox. The app folder permission would only allow access to the app folder. You can find more information on the different permissions here:
https://www.dropbox.com/developers/reference/developer-guide#app-permissions
The app folder permission would be closer to what you want, but note that it's not safe to expose an access token like this. A malicious use could use it and access anything else in the folder, for example.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
