<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: New Dropbox API Updates in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/New-Dropbox-API-Updates/m-p/538986#M25877</link>
    <description>&lt;P&gt;1A) The creation of new long-lived access tokens is now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s). You do not need to have these existing users re-authorize the app.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;1B) For new users, you should use the new short-lived access token and refresh token functionality. You can find more information in the &lt;A href="https://developers.dropbox.com/oauth-guide" target="_self"&gt;OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_self"&gt;authorization documentation&lt;/A&gt;. You do not technically need to store the short-lived access tokens, only the refresh tokens, since you can use the refresh tokens to get new short-lived access tokens on demand.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Refresh tokens do not expire by themselves, unless/until revoked, e.g., by the app or user. If a refresh token is revoked, you should send the user through the authorization flow to get a new one, if they wish to continue using the integration. (This is just like with revoked long-lived access tokens.)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;2A) Migrating to scopes does not impact existing access tokens. Existing access tokens will continue to have whatever permission they were originally granted.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You should migrate your app to scopes and select only the scopes needed for your app. You can migrate your app using the "Permissions" tab of the app's page on &lt;A href="https://www.dropbox.com/developers/apps" target="_self"&gt;the App Console&lt;/A&gt;. You can see which scope is required for each endpoint in the &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation" target="_self"&gt;API documentation&lt;/A&gt;.&lt;/P&gt;</description>
    <pubDate>Thu, 12 Aug 2021 14:41:12 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2021-08-12T14:41:12Z</dc:date>
    <item>
      <title>New Dropbox API Updates</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/New-Dropbox-API-Updates/m-p/538931#M25874</link>
      <description>&lt;P&gt;Hello &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/10"&gt;@Greg-DB&lt;/a&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I received an email from Dropbox -&lt;EM&gt;&lt;STRONG&gt; Action Required: Important Dropbox API Updates.&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;I have an existing Dropbox app that uses old way of scopes/permissions and long-lived access tokens.&lt;BR /&gt;What changes do I need to do on the following 2 Dropbox API updates ?&lt;/P&gt;&lt;P&gt;------------------------------------------------------------------------------------------------------------------------------&lt;BR /&gt;&lt;EM&gt;&lt;STRONG&gt;1. As a reminder, on September 30th, 2021, the Dropbox OAuth flow will no longer return new long-lived access tokens. &lt;/STRONG&gt;&lt;/EM&gt;&lt;BR /&gt;&lt;EM&gt;&lt;STRONG&gt;It will instead return short-lived access tokens, and optionally return refresh tokens. Existing tokens are not impacted.&lt;/STRONG&gt;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;Apps that require background access will need to update their code to use refresh tokens, which is made easier by using our updated SDKs. &lt;/STRONG&gt;&lt;/EM&gt;&lt;BR /&gt;&lt;EM&gt;&lt;STRONG&gt;All other apps should ensure that users are directed to re-authorize upon token expiration.&lt;/STRONG&gt;&lt;/EM&gt;&lt;BR /&gt;---------&lt;/P&gt;&lt;P&gt;Qs 1A) I have an existing app that stores long-lived access token in the database by asking users to do one-time authroization.&lt;BR /&gt;Do I need to migrate these customers to short-lived access tokens or will the old long-lived access tokens work ?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Qs 1B) For new customers, what design changes are required to be done by me ?&lt;BR /&gt;Do I need to store both short-lived tokens and refresh token or just refresh token in database ?&lt;BR /&gt;What is the life time of refresh token ? What happens wehn the refresh tokens expire ?&lt;BR /&gt;In case refresh token expires, do I need to re-authorize users to get new short-lived access token and refres tokens ?&lt;BR /&gt;Ideally I want to just ask users to sign-up/authorize once.&lt;BR /&gt;-------------------------------------------------------------------------------------------------------------------------------&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;EM&gt;&lt;STRONG&gt;2. The Dropbox API now supports more granular permission scopes. &lt;/STRONG&gt;&lt;/EM&gt;&lt;BR /&gt;&lt;EM&gt;&lt;STRONG&gt;While you review your application’s OAuth flow, be sure to check for scopes that may not be required.&lt;/STRONG&gt;&lt;/EM&gt;&lt;BR /&gt;&lt;BR /&gt;Qs 2A) I have existing users who have granted permissions using the old way.&amp;nbsp; Are these impacted ?&amp;nbsp;&lt;/P&gt;&lt;P&gt;What about new users - do I need to modify scopes/permissions for my Dropbox App or will my App be automatically be updated to new scopes.&lt;BR /&gt;&lt;BR /&gt;Thanks,&lt;BR /&gt;Gagan&lt;/P&gt;</description>
      <pubDate>Thu, 12 Aug 2021 09:26:54 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/New-Dropbox-API-Updates/m-p/538931#M25874</guid>
      <dc:creator>gagsbh</dc:creator>
      <dc:date>2021-08-12T09:26:54Z</dc:date>
    </item>
    <item>
      <title>Re: New Dropbox API Updates</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/New-Dropbox-API-Updates/m-p/538986#M25877</link>
      <description>&lt;P&gt;1A) The creation of new long-lived access tokens is now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s). You do not need to have these existing users re-authorize the app.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;1B) For new users, you should use the new short-lived access token and refresh token functionality. You can find more information in the &lt;A href="https://developers.dropbox.com/oauth-guide" target="_self"&gt;OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_self"&gt;authorization documentation&lt;/A&gt;. You do not technically need to store the short-lived access tokens, only the refresh tokens, since you can use the refresh tokens to get new short-lived access tokens on demand.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Refresh tokens do not expire by themselves, unless/until revoked, e.g., by the app or user. If a refresh token is revoked, you should send the user through the authorization flow to get a new one, if they wish to continue using the integration. (This is just like with revoked long-lived access tokens.)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;2A) Migrating to scopes does not impact existing access tokens. Existing access tokens will continue to have whatever permission they were originally granted.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You should migrate your app to scopes and select only the scopes needed for your app. You can migrate your app using the "Permissions" tab of the app's page on &lt;A href="https://www.dropbox.com/developers/apps" target="_self"&gt;the App Console&lt;/A&gt;. You can see which scope is required for each endpoint in the &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation" target="_self"&gt;API documentation&lt;/A&gt;.&lt;/P&gt;</description>
      <pubDate>Thu, 12 Aug 2021 14:41:12 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/New-Dropbox-API-Updates/m-p/538986#M25877</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-08-12T14:41:12Z</dc:date>
    </item>
  </channel>
</rss>

