Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Multiple users interacting with one Dropbox account via the API
Hi! I'm building a JS web app that requires end-users that are logged into the app, to interact with one Dropbox account via the API. The interaction is based on new files being created when a wh...
oatcake wrote:...
So I assume that what I'm trying to do is possible but not advised?...
Hi oatcake,
You haven't mentioned, your application is server side one or user side. Server side application doesn't provide to users any sensitive information you don't provide explicitly. It's much more complex for client side application! To be able connect to Dropbox account, client needs particular authentication information. Once you provide your account information to a client, how are you planning to protect against undesired access? 🤔 It's a difficult task (a security management task)!!! Are you still thinking to use single account on client side application? Think again!
Hope this clarifies possible issues.
It's a client side app built using React.
'how are you planning to protect against undesired access?'...by using the Dropbox SDK to handle authentication? I've been able to implement the auth flow for one end-user and assumed that would work the same way for other end-users using the web app but when I read that the API is not designed to be used that way I thought I better ask for some advice.
Log in to the actual app will be taken care of by Firebase auth protocol.
Thanks for the reply!
Probably I'm not clear enough...
Yes Dropbox API uses secure connection and, Yes, data transfer is protected. That's not a possible issue. To be initiated any transfer (secure or not, doesn't matter) authentication token is need to provide access to your account in client browser. It's impossible a client to get access to your account without token! Probably that's what you are missing..., be careful. What will prevent a person to fetch this token and use it in arbitrary context, so can steal data, damage it, or heart in other way your privacy? 🧐 Dropbox servers can NOT know is particular action got intended by you or not! Once token authentication is Ok, everything is Ok (Dropbox servers point of view). Don't forget this!
Thanks again for the reply. I understand your advice regarding the tokens.
I'm specifically asking how to go about allowing access to multiple end-users, that are securely logged into my app, to access the same Dropbox account taking into consideration the following quote that alluded to it being possible, 'do you mean that your end-users should only be interacting with the contents of your own one Dropbox account? That's not the intended/supported use of the API, but it is technically possible'.
Perhaps Greg-DB could shine some light on this as he left the comment in this thread https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/API-Newbie-Authenticating-and-using-on-client-side-while-keeping/m-p/527479
oatcake wrote:...
I'm specifically asking how to go about allowing access to multiple end-users, that are securely logged into my app, to access the same Dropbox account ...
Hi oatcake,
Seems you haven't read carefully my previous posts above. Ok, your account is identified and authenticated with corresponding tokens. You need to pass to the client a regular access token, at least. If the user session can get prolonged for more than 4 hours, then refresh token have to be passed too. Once token(s) is/are available, you can initialize a client object and... perform whatever needed (all desired actions in your application). 😉 That's it.
Just take care while token transfer and keeping in the user browser session (where they can be popped from easily).
Hope this helps.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
