<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Access token in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token/m-p/544017#M26010</link>
    <description>&lt;P&gt;The Dropbox API offers two different types of access tokens: long-lived and short-lived. Both types can be used to make Dropbox API calls. You can find more information on how the authorization system works in &lt;A href="https://developers.dropbox.com/oauth-guide" target="_self"&gt;the OAuth Guide&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Long-lived access tokens do not expire automatically, though they can be revoked by the user or app on demand. Note that the creation of new long-lived access tokens is now &lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens" target="_blank"&gt;deprecated&lt;/A&gt;, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens.&lt;/LI&gt;
&lt;LI&gt;Short-lived access tokens do expire automatically, four hours after being created. They can also be revoked by the user or app on demand.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Short-lived access tokens can be identified by their "sl." prefix. Long-lived access tokens do not have such a prefix.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Currently, when getting an access token via the "Generate" button on the app's page on &lt;A href="https://www.dropbox.com/developers/apps" target="_self"&gt;the App Console&lt;/A&gt;, or the "&amp;lt;get access token&amp;gt;" link in &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation" target="_blank"&gt;the examples&lt;/A&gt;, the type of access token returned will be determined by the "Access token expiration" setting for the app at that time.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For either kind of access token, the Dropbox API does have a rate limiting system, though we don't have specific rate numbers documented. Also note that not all error responses with a 429 and 503 status code indicate explicit rate limiting, but in any case that you get a 429 or 503 the best practice is to retry the request, respecting the Retry-After header if given in the response, or using an exponential back-off, if not. I recommend referring to the &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#error-handling" rel="noreferrer" target="_blank"&gt;error documentation&lt;/A&gt; and &lt;A href="https://developers.dropbox.com/error-handling-guide" rel="noreferrer" target="_blank"&gt;Error Handling Guide&lt;/A&gt; for more information.&lt;/P&gt;</description>
    <pubDate>Thu, 09 Sep 2021 20:52:14 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2021-09-09T20:52:14Z</dc:date>
    <item>
      <title>Access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token/m-p/544001#M26009</link>
      <description>&lt;P&gt;I use Dropbox API for only &lt;A title="method documentation" href="https://www.dropbox.com/developers/documentation/http/documentation#files-download" target="_blank" rel="noopener"&gt;/download&lt;/A&gt;&amp;nbsp;method.&amp;nbsp;To access it, I've generated an access token by clicking on the "&amp;lt;get access token&amp;gt;" button from the example.&lt;/P&gt;&lt;P&gt;How long does this access key "live"? Are there any restrictions on the number of requests for this method?&lt;BR /&gt;If my scheme for working with the API is wrong, which option is better?&lt;/P&gt;</description>
      <pubDate>Thu, 09 Sep 2021 19:23:01 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token/m-p/544001#M26009</guid>
      <dc:creator>MeShootIn</dc:creator>
      <dc:date>2021-09-09T19:23:01Z</dc:date>
    </item>
    <item>
      <title>Re: Access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token/m-p/544017#M26010</link>
      <description>&lt;P&gt;The Dropbox API offers two different types of access tokens: long-lived and short-lived. Both types can be used to make Dropbox API calls. You can find more information on how the authorization system works in &lt;A href="https://developers.dropbox.com/oauth-guide" target="_self"&gt;the OAuth Guide&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Long-lived access tokens do not expire automatically, though they can be revoked by the user or app on demand. Note that the creation of new long-lived access tokens is now &lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens" target="_blank"&gt;deprecated&lt;/A&gt;, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens.&lt;/LI&gt;
&lt;LI&gt;Short-lived access tokens do expire automatically, four hours after being created. They can also be revoked by the user or app on demand.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Short-lived access tokens can be identified by their "sl." prefix. Long-lived access tokens do not have such a prefix.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Currently, when getting an access token via the "Generate" button on the app's page on &lt;A href="https://www.dropbox.com/developers/apps" target="_self"&gt;the App Console&lt;/A&gt;, or the "&amp;lt;get access token&amp;gt;" link in &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation" target="_blank"&gt;the examples&lt;/A&gt;, the type of access token returned will be determined by the "Access token expiration" setting for the app at that time.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For either kind of access token, the Dropbox API does have a rate limiting system, though we don't have specific rate numbers documented. Also note that not all error responses with a 429 and 503 status code indicate explicit rate limiting, but in any case that you get a 429 or 503 the best practice is to retry the request, respecting the Retry-After header if given in the response, or using an exponential back-off, if not. I recommend referring to the &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#error-handling" rel="noreferrer" target="_blank"&gt;error documentation&lt;/A&gt; and &lt;A href="https://developers.dropbox.com/error-handling-guide" rel="noreferrer" target="_blank"&gt;Error Handling Guide&lt;/A&gt; for more information.&lt;/P&gt;</description>
      <pubDate>Thu, 09 Sep 2021 20:52:14 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token/m-p/544017#M26010</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-09-09T20:52:14Z</dc:date>
    </item>
  </channel>
</rss>

