Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Using dropbox as a repository for an application
Hello all,
My team and I have some questions around the API features offered by Standard/Advanced plan.
Currently, we are thinking to build an application where the end users can upload d...
Thank you for the reply. It is really insightful.
Just to confirm what you wrote below..
Actually you can let user access safely your account, but not directly using Dropbox API connection. If you build your server side application (or part of the application), then the server code (build and driven by you) will provide access to the account and your users will be able access there according the application design (on your strict control). In such a way users don't need any Dropbox account at all.
If I understand you correctly, if we are able to make an application that have proper control carefully, end users can access our Dropbox account embedded in the application where they can upload/edit/delete files of what they upload. In such case, the application connected with our account will communicate with Dropbox via API to make such actions.
For instance, if we control from the application side such using the metadata attached toe the files, will that be possible?
And what if, somehow the end users get to know the ID/PW of the account, is there a way to prevent the end users from logging in Dropbox?
I see there is network control feature provided in Enterprise plan. https://help.dropbox.com/security/network-control?fallback=true
How about standard/advanced plan?
Greg-DB Will the above work?
Hm..🤔 Seems, I was not clear enough. I will try make it clearer.
new_to_dreamland wrote:...
If I understand you correctly, if we are able to make an application that have proper control carefully, end users can access our Dropbox account embedded in the application where they can upload/edit/delete files of what they upload. In such case, the application connected with our account will communicate with Dropbox via API to make such actions.
For instance, if we control from the application side such using the metadata attached toe the files, will that be possible?
...
As far as I can see, you mean server side application (or server side part of the application). I suppose with "embedded" you mean provided credentials to the server side of your application by you. Yes, using those credentials, your application can perform everything particular user may need under your control. Just to add here, you're gonna need to implement your own authentication mechanism for your users, to be able identify who and what is going to do and so, on that base, make control. Again only server side the application is connected to your account! Don't do it on client side. If with "application side" you mean client side, accessing all data, from your client side part of the application (either standalone or web), has to be performed through connection to the server side part, not directly to Dropbox.
new_to_dreamland wrote:...
And what if, somehow the end users get to know the ID/PW of the account, is there a way to prevent the end users from logging in Dropbox?
...
In all cases users should know only their own Dropbox account ID/PW, if any. You shouldn't provide such a information to any user (otherwise the user will be able impersonate as you)! You should avoid providing not only ID/PW, but any kind of other authorization information, like different types of tokens.
As I said, you need to realize your own authorization system to distinguish different users. To be able use Dropbox for such purpose you will need to expect users to have their own Dropbox account everybody (i.e. the other variant described in my previous post).
Additional protection can be provided by Dropbox against some network risks, but it's something different.
Hope this sheds some more light.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
