Forum Discussion

Nickk888's avatar
Nickk888
Explorer | Level 3
7 years ago

Some questions about security

Hello everyone!

I have some questions about the API security.

The application I am programming right now is connected to my dropbox account registered as an App that is using a different directory.

The problem is the token...
For now the token is in a string variable inside the code, because the app will be for other users on the internet, everyone who decompiles the application will get the token right?

So how can I make my app more secure? Could I set that the app can ONLY download and view the content? I don't want other users to mess with the files nor upload something using the token.

Other services are using credentials to make a secure connection and autentification, is it also somehow possible with the Dropbox app?

I'm writing in C# by the way.

Kind regards.
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. It is technically possible to connect to just one account, by embedding an access token for the desired account in the app itself, like you describe, but we don't recommend doing so, for various technical and security reasons.

    There isn't a way to configure a download-only permission, but I'll pass this along as a feature request. 

    Alternatively, you could consider using shared links to link to content in your Dropbox:


    https://www.dropbox.com/help/files-folders/view-only-access

    You can modify these links for direct access, e.g., to programmatically download from them:


    https://www.dropbox.com/help/desktop-web/force-download

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 12 hours ago
352 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!