<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Can app key be published? in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-app-key-be-published/m-p/228822#M12402</link>
    <description>&lt;P&gt;In APIv1, there was an app secret and app key, but in APIv2 I only seem to need the app key. Is the app key something that needs to be kept secret? Can I safely publish the app key in the open source repository for my application?&lt;/P&gt;</description>
    <pubDate>Wed, 29 May 2019 09:21:22 GMT</pubDate>
    <dc:creator>jorgenpt</dc:creator>
    <dc:date>2019-05-29T09:21:22Z</dc:date>
    <item>
      <title>Can app key be published?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-app-key-be-published/m-p/228822#M12402</link>
      <description>&lt;P&gt;In APIv1, there was an app secret and app key, but in APIv2 I only seem to need the app key. Is the app key something that needs to be kept secret? Can I safely publish the app key in the open source repository for my application?&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:21:22 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-app-key-be-published/m-p/228822#M12402</guid>
      <dc:creator>jorgenpt</dc:creator>
      <dc:date>2019-05-29T09:21:22Z</dc:date>
    </item>
    <item>
      <title>Re: Can app key be published?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-app-key-be-published/m-p/228969#M12413</link>
      <description>&lt;P&gt;When using the OAuth 2 "token" flow, only the app key is necessary and the app secret isn't used. In the "code" flow, both the app key and secret are necessary. You can find more information on the different OAuth 2 flows in the documentation here:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_blank"&gt;https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Our general guidance is that when you're releasing your app to be used by users, you can certainly embed your key in the app, so that the app will work and let them link it to their accounts without any additional work.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;On the other hand, if you release the code itself, for example on GitHub, etc., you don't recommend&amp;nbsp;including your app key. This way, if anyone forks the code (in essence, making their own version of the app), they will have to get their own app key. That lets the Dropbox API distinguish between the different versions of the apps, and in case one of them misbehaves, any action taken will only affect the one misbehaving version.&lt;/P&gt;</description>
      <pubDate>Fri, 23 Jun 2017 20:30:11 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-app-key-be-published/m-p/228969#M12413</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-06-23T20:30:11Z</dc:date>
    </item>
  </channel>
</rss>

