You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Muneebzzzz's avatar
Muneebzzzz
Explorer | Level 4
6 years ago

Invalid access token

I generated an access token while creating my project on dropbox app console, and used that token to let my user's to fetch data from my drobox using my android app, everything worked fine for months but today i was getting an exception that my access token is not valid, then i generated a new access token from app console and it again started working, now that my token is changed and is affecting my users as they have the old one.. i want to know what has happened and how my token becomes invalid, is the token got changed or what.. i have over 5k installs on google play and now my all users are affecting

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    By default, Dropbox API access tokens for your app(s) don't expire by themselves, but there a number of different ways that a Dropbox API access token can become invalid:

    • the user can revoke all access tokens for an app by unlinking it on the connected apps page
    • any client with the access token can revoke the access token by calling /2/auth/token/revoke
    • if the app uses the "app folder" permission, the token can be disabled by the user deleting the app folder itself in the Dropbox account, either via the Dropbox website or any client
    • the app can be disabled
    • the account that owns the app can be disabled
    • the connected account can be disabled

    Also, I should note that the Dropbox API was designed with the intention that each end-user would link their own Dropbox account, in order to interact with their own files, in which case they would only have access to their own access token(s).

    It is technically possible to connect to just one account, by always using a specific access token, for all end-users of your app, and it sounds like that's what you're doing in this case. Please be aware that we don't recommend doing so, for various technical and security reasons. This is especially true for client-side apps, such as Android apps, as they can't keep the access token a secret from the end-users.

    • Muneebzzzz's avatar
      Muneebzzzz
      Explorer | Level 4
      Aslo note down that my app console is still in development mode and my app is published on playstore,i have hard coded the access token in my android app so the users can able to fetch data from my dropbox withouth any aunthentication, is that may be the reason that my access token gets invalid because my app console is still in development mode?
      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        No, your app being in development mode would not affect access token validity. The development mode only limits how many different Dropbox accounts can be connected to your app. Since you are only connecting your app to your one account, that isn't relevant. 

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,895 PostsLatest Activity: 3 hours ago
328 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!