<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Managing sensitive files with a server. in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165551#M5932</link>
    <description>&lt;P&gt;My friend is a lawyer. His clients submit documents to him through Dropbox. They are sensitive legal documents. He asked if there was some way that I could build a website&amp;nbsp;(web app)&amp;nbsp;that will manage the files. I'd like to use the Dropbox API to have his clients directly upload the files into his Dropbox folder while at the same time saving a reference to the file in the server database and notifying him of the change. I develop using PHP, Angular, and Node.js but I don't even know where to begin thinking about this problem or what concerns there are. If someone has information about this, it would be helpful for me.&lt;/P&gt;</description>
    <pubDate>Wed, 29 May 2019 09:36:34 GMT</pubDate>
    <dc:creator>Adam S.66</dc:creator>
    <dc:date>2019-05-29T09:36:34Z</dc:date>
    <item>
      <title>Managing sensitive files with a server.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165551#M5932</link>
      <description>&lt;P&gt;My friend is a lawyer. His clients submit documents to him through Dropbox. They are sensitive legal documents. He asked if there was some way that I could build a website&amp;nbsp;(web app)&amp;nbsp;that will manage the files. I'd like to use the Dropbox API to have his clients directly upload the files into his Dropbox folder while at the same time saving a reference to the file in the server database and notifying him of the change. I develop using PHP, Angular, and Node.js but I don't even know where to begin thinking about this problem or what concerns there are. If someone has information about this, it would be helpful for me.&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:36:34 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165551#M5932</guid>
      <dc:creator>Adam S.66</dc:creator>
      <dc:date>2019-05-29T09:36:34Z</dc:date>
    </item>
    <item>
      <title>Re: Managing sensitive files with a server.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165552#M5933</link>
      <description>&lt;P&gt;[Cross-linking for reference:&amp;nbsp;&lt;A href="https://stackoverflow.com/questions/34928673/can-i-upload-files-from-a-custom-website-form-to-dropbox" rel="nofollow noreferrer"&gt;https://stackoverflow.com/questions/34928673/can-i-upload-files-from-a-custom-website-form-to-dropbox&lt;/A&gt; ]&lt;/P&gt;
&lt;P&gt;It sounds like you want to build an app that only connects to&amp;nbsp;a single Dropbox account. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.&lt;/P&gt;
&lt;P&gt;However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for the&amp;nbsp;account and app. (Just be careful not to revoke it, e.g. via &lt;A href="https://www.dropbox.com/account/security" rel="nofollow noreferrer"&gt;https://www.dropbox.com/account/security&lt;/A&gt; .)&lt;/P&gt;
&lt;P&gt;On the StackOverflow question, one poster recommended using the JavaScript SDK for this, but note that doing so would expose serious security issues, like I mentioned above. Instead, you could handle the integration server-side only, which would allay most of those concerns. In that case, I would recommend using an official SDK for your platform, if possible, or using a third party library, or the HTTP interface itself:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.dropbox.com/developers/" rel="nofollow noreferrer"&gt;https://www.dropbox.com/developers/&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Work through the tutorial and documentation for whichever you end up using to see how to upload files. The important thing is to make sure you only keep the access token on the server, where the end-users won't have access to it. That does mean, however, that the uploaded files would have to go through your server before going to&amp;nbsp;Dropbox.&lt;/P&gt;</description>
      <pubDate>Fri, 22 Jan 2016 02:28:41 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165552#M5933</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2016-01-22T02:28:41Z</dc:date>
    </item>
    <item>
      <title>Re: Managing sensitive files with a server.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165553#M5934</link>
      <description>&lt;P&gt;I just checked and Dropbox is&amp;nbsp;&lt;A href="https://www.dropbox.com/static/business/resources/getting_started_with_hipaa.pdf" target="_blank" rel="nofollow noreferrer"&gt;HIPAA&lt;/A&gt; compliant. It would have been nice if a doctor could just upload a file to the lawyer without passing through my, even with TLS, probably never HIPAA-compliant&amp;nbsp;server. Can a doctor logged into her own Dropbox account and the web app upload a document to Dropbox through the&amp;nbsp;web app using the JavaScript SDK with a reference to the file link which will be stored in the web app's server database so the lawyer can be notified of the change and location of the document in Dropbox with each, the doctor and lawyer, using their own Dropbox accounts securely?&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 22 Jan 2016 03:24:10 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165553#M5934</guid>
      <dc:creator>Adam S.66</dc:creator>
      <dc:date>2016-01-22T03:24:10Z</dc:date>
    </item>
    <item>
      <title>Re: Managing sensitive files with a server.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165554#M5935</link>
      <description>&lt;P&gt;It is possible to upload a file to a&amp;nbsp;Dropbox from the client, in this case the web browser using the JavaScript SDK (as well as get information about files, etc). As noted earlier, the concern is that in that scenario, the access token is exposed to the client, so this would only be safe if the end-user is only and always the doctor.&lt;/P&gt;</description>
      <pubDate>Fri, 22 Jan 2016 05:12:19 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Managing-sensitive-files-with-a-server/m-p/165554#M5935</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2016-01-22T05:12:19Z</dc:date>
    </item>
  </channel>
</rss>

