Forum Discussion

Andreas D.8's avatar
Andreas D.8
New member | Level 1
11 years ago

How to make sure clients dont misuse access tokens provided to them?

I want to develop a Dropbox Desktop app that would retrieve an access token via a web service (which in turn would perform OAuth2 authentication and then give the user a magic key that he can enter i...
API
Andreas D.8's avatar
Andreas D.8
New member | Level 1
11 years ago

OK I see, just wanted to know how other people handle this, as you said it's the same issue for Android apps etc. I think this problem can't be solved using the normal OAuth2 flow, since what would be needed is a way to authorize individual requests of the client trough the my backend (i.e. client asks backend to allow him to call a given endpoint URL through the Dropbox API, the backend requests authorization for this from the Dropbox API and sends the client a one-time access code for this). Rate-limiting of individual client access tokens would be another solution I guess.

So, final question: Is it considered acceptable to provide a desktop application with an access token obtained through the API then?

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!