Forum Discussion

Explorer | Level 3

3 years ago

Dropbox sign refresh token getting expire after 1 hour

Hello, I have successfully implemented the authentication flow for the Dropbox Sign API and obtained the initial access token and refresh token. However, I noticed that the refresh token expires af...

API

useparagon

Explorer | Level 3

3 years ago

Thanks for the quick reply, I understand that access tokens have a short lifespan and refresh tokens have a large lifespan but in my case, both tokens seem to work fine for 1 hour. If I try to refresh the access token after 1 hour I am simply getting the error that I have mentioned above in the conversation.

DB-Des

Dropbox Community Moderator

3 years ago

Did you get a chance to read over the documentation for Dropbox Sign's OAuth workflow?

Only reason I'm asking is because the samples you provided include endpoints not related to Dropbox Sign API, with parameters that seem to be for Dropbox API's OAuth workflow and not Dropbox Sign's.

For example, your authUrl :

authUrl='https://app.hellosign.com/oauth/authorize?response_type=code&client_id=12345678&redirect_uri=redirect-url&token_access_type=offline&state=121324234'

is using endpoint /oauth/authorize which is not an endpoint for Dropbox Sign API. Also, the query parameters are not relevant to Dropbox Sign — except for client_id and state.

Additionally, the body you are sending on your request:

--data '{
    "code": "code",
    "grant_type": "authorization_code",
    "redirect_uri": "redirect_uri",
    "client_id": "client_id",
    "client_secret": "client_secret"
}'

is missing the state parameter. Also redirect_uri is not relevant to Dropbox Sign.

I would recommend attempting the following cURL command to generate an access token:

curl -X POST 'https://app.hellosign.com/oauth/token' \
  -u 'YOUR_API_KEY:' \
  -F 'client_id=YOUR_CLIENT_ID' \
  -F 'state=state' \
  -F 'code=code' \
  -F 'grant_type=authorization_code' \
  -F 'client_secret=client_secret'

And the following to generate a new access token, when needed:

curl -X POST 'https://app.hellosign.com/oauth/token?refresh' \
  -u 'YOUR_API_KEY:' \
  -F 'grant_type=refresh_token' \
  -F 'refresh_token=refresh_token'

If you are still receiving errors from Sign's API OAuth endpoints. Go ahead and contact our support team, from the email you are using to test Dropbox Sign's API, so they can further troubleshoot.

About Dropbox Sign API

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Dropbox sign refresh token getting expire after 1 hour

About Dropbox Sign API

Related Content

Get refresh token from access token?

Qt OAuth get refresh token

How to get a refresh token

How to get an Access Token from a Refresh token from within B4A

How to get an access token and refresh token

Recent Discussions

Multiple Signers: Both Embedded + Non-Embedded workflows?

Embedded request - requester_email_address can be a mail that not relate to a user?

Setting expiry date with create_embedded_with_template

Template Created callback does not contain metadata for Date signed field type

Missing parameter: client_id for lwc