<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Short lived access tokens only? in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773531#M33810</link>
    <description>&lt;P&gt;Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find &lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type" target="_blank" rel="noopener noreferrer"&gt;more information on this migration here&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the &lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank" rel="noopener noreferrer"&gt;OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_blank" rel="noopener noreferrer"&gt;authorization documentation&lt;/A&gt;. There's a basic outline of processing this flow in &lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access" target="_blank" rel="noopener noreferrer"&gt;this blog post&lt;/A&gt; which may serve as a useful example.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The status of the app does not affect this. This works the same way for both development status and production status apps.&lt;/P&gt;</description>
    <pubDate>Tue, 28 May 2024 15:12:23 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2024-05-28T15:12:23Z</dc:date>
    <item>
      <title>Short lived access tokens only?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773530#M33809</link>
      <description>&lt;P&gt;I'm building an internal tool to create file requests via the API. I had it working, but I believe the App Console is only giving me short-lived access tokens when I click "Generate" - each token starts with "sl".&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Is these a way to get longer-lived tokens for my app? I'm in the "development" stage, which I thought was correct for an internal app, but does that affect the longevity of my access tokens?&lt;/P&gt;</description>
      <pubDate>Tue, 28 May 2024 15:08:55 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773530#M33809</guid>
      <dc:creator>bobk26</dc:creator>
      <dc:date>2024-05-28T15:08:55Z</dc:date>
    </item>
    <item>
      <title>Re: Short lived access tokens only?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773531#M33810</link>
      <description>&lt;P&gt;Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find &lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type" target="_blank" rel="noopener noreferrer"&gt;more information on this migration here&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the &lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank" rel="noopener noreferrer"&gt;OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_blank" rel="noopener noreferrer"&gt;authorization documentation&lt;/A&gt;. There's a basic outline of processing this flow in &lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access" target="_blank" rel="noopener noreferrer"&gt;this blog post&lt;/A&gt; which may serve as a useful example.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The status of the app does not affect this. This works the same way for both development status and production status apps.&lt;/P&gt;</description>
      <pubDate>Tue, 28 May 2024 15:12:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773531#M33810</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2024-05-28T15:12:23Z</dc:date>
    </item>
    <item>
      <title>Re: Short lived access tokens only?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773629#M33815</link>
      <description>&lt;P&gt;Greg, thanks for the quick answer. I haven't used a system like this before and I'm slowly getting my mind around it.&amp;nbsp;I'm trying to do all of this via Zapier, fyi.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I've successfully gotten an authorization code, but I'm having trouble getting&amp;nbsp;an access token and refresh token. I'm getting this error: "The request parameters do not match any of the supported authorization flows. Please refer to the API documentation for the correct parameters. (HTTP Status Code: 400)"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This is how I have it set up (with key details blurred):&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2024-05-28 122310.png" style="width: 659px;"&gt;&lt;img src="https://www.dropboxforum.com/t5/image/serverpage/image-id/46457iCA231DFE6EB40906/image-size/large?v=v2&amp;amp;px=999" role="button" title="Screenshot 2024-05-28 122310.png" alt="Screenshot 2024-05-28 122310.png" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Is there some other way I should be getting&amp;nbsp;an access token and refresh token?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 28 May 2024 16:25:53 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773629#M33815</guid>
      <dc:creator>bobk26</dc:creator>
      <dc:date>2024-05-28T16:25:53Z</dc:date>
    </item>
    <item>
      <title>Re: Short lived access tokens only?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773654#M33816</link>
      <description>&lt;P&gt;Typically, if you're the end-user of an app, you shouldn't have to manage the implementation details of the authorization flow like this yourself; that would be built into the app itself. You may want to refer to the support resources for Zapier to see if there is built-in support for this.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;That said, looking at your screenshot, I see you're passing the 'code', 'grant_type', 'client_id', and 'client_secret' as headers, but those should actually be sent as application/x-www-form-urlencoded POST parameters.&lt;/P&gt;</description>
      <pubDate>Tue, 28 May 2024 17:46:53 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773654#M33816</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2024-05-28T17:46:53Z</dc:date>
    </item>
    <item>
      <title>Re: Short lived access tokens only?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773677#M33817</link>
      <description>&lt;P&gt;Ok, I think I got it, thanks.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;For anyone else reading this, I ended up adding those parameters on the query string in Zapier and got the refresh token value, and added a step in Zapier to get a new short lived access token from Dropbox each time I make a new API call.&lt;/P&gt;</description>
      <pubDate>Tue, 28 May 2024 19:56:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-access-tokens-only/m-p/773677#M33817</guid>
      <dc:creator>bobk26</dc:creator>
      <dc:date>2024-05-28T19:56:56Z</dc:date>
    </item>
  </channel>
</rss>

