<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Multiple users interacting with one Dropbox account via the API in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587474#M27343</link>
    <description>&lt;P&gt;It's a client side app built using React.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;'&lt;SPAN&gt;how are you planning to protect against undesired access?'...by using the Dropbox SDK to handle authentication? I've been able to implement the auth flow for one end-user and assumed that would work the same way for other end-users using the web app but when I read that the API is not designed to be used that way I thought I better ask for some advice.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Log in to the actual app will be taken care of by Firebase auth protocol.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Thanks for the reply!&lt;/SPAN&gt;&lt;/P&gt;</description>
    <pubDate>Thu, 31 Mar 2022 14:35:17 GMT</pubDate>
    <dc:creator>oatcake</dc:creator>
    <dc:date>2022-03-31T14:35:17Z</dc:date>
    <item>
      <title>Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587455#M27341</link>
      <description>&lt;P&gt;Hi!&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'm building a JS web app that requires end-users that are logged into the app, to interact with one Dropbox account via the API. The interaction is based on new files being created when a when a form is submitted, triggering an API call and using information from the form.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;However I'm unsure how to go about the auth process that requires multiple people on different computers to interact with one Dropbox account after I read in another post on the forum, '&lt;SPAN&gt;do you mean that your end-users should only be interacting with the contents of your own one Dropbox account? That's not the intended/supported use of the API, but it is technically possible'. &lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;So I assume that what I'm trying to do is possible but not advised? Could anyone shed a light on how it is technically possible or some alternative routes please.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Just to add, the account is a Business account that has assigned users...perhaps this opens up some other opportunities&amp;nbsp;to achieve&amp;nbsp;what I want to do?&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Thanks&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 13:32:09 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587455#M27341</guid>
      <dc:creator>oatcake</dc:creator>
      <dc:date>2022-03-31T13:32:09Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587472#M27342</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1530978"&gt;@oatcake&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;&lt;SPAN&gt;...&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;So I assume that what I'm trying to do is possible but not advised?...&lt;/SPAN&gt;&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1530978"&gt;@oatcake&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;You haven't mentioned, your application is server side one or user side. Server side application doesn't provide to users any sensitive information you don't provide explicitly. It's much more complex for client side application! To be able connect to Dropbox account, client needs particular authentication information. Once you provide your account information to a client, how are you planning to protect against undesired access? &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; It's a difficult task (a security management task)!!! Are you still thinking to use single account on client side application? Think again!&lt;/P&gt;&lt;P&gt;Hope this clarifies possible issues.&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 14:18:02 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587472#M27342</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-03-31T14:18:02Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587474#M27343</link>
      <description>&lt;P&gt;It's a client side app built using React.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;'&lt;SPAN&gt;how are you planning to protect against undesired access?'...by using the Dropbox SDK to handle authentication? I've been able to implement the auth flow for one end-user and assumed that would work the same way for other end-users using the web app but when I read that the API is not designed to be used that way I thought I better ask for some advice.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Log in to the actual app will be taken care of by Firebase auth protocol.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Thanks for the reply!&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 14:35:17 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587474#M27343</guid>
      <dc:creator>oatcake</dc:creator>
      <dc:date>2022-03-31T14:35:17Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587479#M27344</link>
      <description>&lt;P&gt;Probably I'm not clear enough...&lt;/P&gt;&lt;P&gt;Yes Dropbox API uses secure connection and, Yes, data transfer is protected. That's not a possible issue. To be initiated any transfer (secure or not, doesn't matter) authentication token is need to provide access to your account in client browser. It's impossible a client to get access to your account without token! Probably that's what you are missing..., be careful. What will prevent a person to fetch this token and use it&amp;nbsp; in arbitrary context, so can steal data, damage it, or heart in other way your privacy? 🧐 Dropbox servers can NOT know is particular action got intended by you or not! Once token authentication is Ok, everything is Ok (Dropbox servers point of view). Don't forget this!&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 14:50:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587479#M27344</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-03-31T14:50:23Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587505#M27346</link>
      <description>&lt;P&gt;Thanks again for the reply. I understand your advice regarding the tokens.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'm specifically asking how to go about allowing access to multiple end-users, that are securely logged into my app, to access the same Dropbox account taking into consideration the following quote that alluded to it being possible, '&lt;SPAN&gt;do you mean that your end-users should only be interacting with the contents of your own one Dropbox account? That's not the intended/supported use of the API, but it is technically possible'.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Perhaps Greg-DB could shine some light on this as he left the comment in this thread&amp;nbsp;&lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/API-Newbie-Authenticating-and-using-on-client-side-while-keeping/m-p/527479" target="_blank"&gt;https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/API-Newbie-Authenticating-and-using-on-client-side-while-keeping/m-p/527479&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 16:32:11 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587505#M27346</guid>
      <dc:creator>oatcake</dc:creator>
      <dc:date>2022-03-31T16:32:11Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587513#M27347</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1530978"&gt;@oatcake&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;I'm specifically asking how to go about allowing access to multiple end-users, that are securely logged into my app, to access the same Dropbox account ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1530978"&gt;@oatcake&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Seems you haven't read carefully my previous posts above. Ok, your account is identified and authenticated with corresponding tokens. You need to pass to the client a regular access token, at least. If the user session can get prolonged for more than 4 hours, then refresh token have to be passed too. Once token(s) is/are available, you can initialize a client object and... perform whatever needed (all desired actions in your application).&amp;nbsp;&lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt; That's it.&lt;/P&gt;&lt;P&gt;Just take care while token transfer and keeping in the user browser session (where they can be popped from easily).&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 17:01:20 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587513#M27347</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-03-31T17:01:20Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587560#M27349</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1530978"&gt;@oatcake&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;No this is not something we support nor is it something you should be doing to ensure the Dropbox account remains secure. If the end goal is that every user that submits a form, it creates a Dropbox file on a single account, it should not be done entirely client-side. If you do it all client-side, it would be exposing the access token to that Dropbox account and thus anyone could use that to make calls on behalf of that user.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;An approach that would remove this risk would be to make these calls from a backend. Essentially, you would send the form data to the backend and the backend (which would have access to the token), would then upload this data to Dropbox thus removing the ability for the client-side users to access the Dropbox account directly.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If you are looking for an entirely client-side solution, there are plenty of form services that can upload results to a central location (although I don't know of any specifically that would upload to Dropbox).&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks,&lt;/P&gt;
&lt;P&gt;Brad&lt;/P&gt;</description>
      <pubDate>Thu, 31 Mar 2022 19:30:00 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587560#M27349</guid>
      <dc:creator>Brogers</dc:creator>
      <dc:date>2022-03-31T19:30:00Z</dc:date>
    </item>
    <item>
      <title>Re: Multiple users interacting with one Dropbox account via the API</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587910#M27363</link>
      <description>&lt;P&gt;Thanks for the replies&amp;nbsp;&lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@96BDC0194935973C95B55C70BF23B118/emoticons/1f60e.png" alt=":smiling_face_with_sunglasses:" title=":smiling_face_with_sunglasses:" /&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I think I understand what I need to do now to make things secure. Firebase hosting offers serverless Cloud Functions that &lt;EM&gt;'lets you automatically run backend code in response to events triggered by Firebase features and HTTPS requests'. &lt;/EM&gt;So I think I can utilise them to either send the form on the backend or perhaps send the form on the front end still but pull an access token from the backend via a request using a refresh token...I think that makes sense anyway. If it doesn't please let me know&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I am a big programming newbie and have never dabbled with backend so thank you for breaking things down for me to think about.&lt;/P&gt;</description>
      <pubDate>Sat, 02 Apr 2022 14:40:52 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Multiple-users-interacting-with-one-Dropbox-account-via-the-API/m-p/587910#M27363</guid>
      <dc:creator>oatcake</dc:creator>
      <dc:date>2022-04-02T14:40:52Z</dc:date>
    </item>
  </channel>
</rss>

