<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re:  Saver Drop-in authentication for download files in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Saver-Drop-in-authentication-for-download-files/m-p/27387#M784</link>
    <description>&lt;P&gt;The&amp;nbsp;Dropbox Saver doesn't offer authentication on the requests like this, nor is there a good way to verify that a request is actually coming from&amp;nbsp;Dropbox that couldn't just be spoofed. That being the case, you can instead generate URLs that contain random, unguessable tokens, and/or that are time-limited.&lt;/P&gt;

&lt;P&gt;The&amp;nbsp;Dropbox API and&amp;nbsp;Dropbox for Business API both offer entirely different interfaces, which may or may not be better suited for you, depending on exactly what you're looking to and what you're trying to prevent. For example, the &lt;A href="https://www.dropbox.com/developers/core/docs#save-url" rel="nofollow noreferrer"&gt;/save_url&lt;/A&gt; endpoint works effectively the same way as the Saver, but the &lt;A href="https://www.dropbox.com/developers/core/docs#files_put" rel="nofollow noreferrer"&gt;/files_put&lt;/A&gt; endpoint takes the data directly from the API client. Both of the API calls require an access token for the user account.&lt;/P&gt;</description>
    <pubDate>Thu, 06 Aug 2015 23:27:42 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2015-08-06T23:27:42Z</dc:date>
    <item>
      <title>Saver Drop-in authentication for download files</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Saver-Drop-in-authentication-for-download-files/m-p/27386#M783</link>
      <description>&lt;PRE&gt;&lt;CODE&gt;I use Saver Drop-in to save files from my site to user DropBox.   
However I want to use forms or windows authentication in my site also for download file url's.  

var options = {
 files: [
        // You can specify up to 100 files.
        {'url': '...', 'filename': '...'},
        {'url': '...', 'filename': '...'},
        // ...
    ],
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;Is it possible to ensure that request comes from Dropbox service to save file for particular user who request it ?  &lt;/P&gt;

&lt;P&gt;Do you support some sort of authentication with OAuth or client certificates ?&lt;/P&gt;

&lt;P&gt;If not, can&amp;nbsp;usage of the businesses API help me ?&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:40:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Saver-Drop-in-authentication-for-download-files/m-p/27386#M783</guid>
      <dc:creator>Ihar Y.</dc:creator>
      <dc:date>2019-05-29T09:40:43Z</dc:date>
    </item>
    <item>
      <title>Re:  Saver Drop-in authentication for download files</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Saver-Drop-in-authentication-for-download-files/m-p/27387#M784</link>
      <description>&lt;P&gt;The&amp;nbsp;Dropbox Saver doesn't offer authentication on the requests like this, nor is there a good way to verify that a request is actually coming from&amp;nbsp;Dropbox that couldn't just be spoofed. That being the case, you can instead generate URLs that contain random, unguessable tokens, and/or that are time-limited.&lt;/P&gt;

&lt;P&gt;The&amp;nbsp;Dropbox API and&amp;nbsp;Dropbox for Business API both offer entirely different interfaces, which may or may not be better suited for you, depending on exactly what you're looking to and what you're trying to prevent. For example, the &lt;A href="https://www.dropbox.com/developers/core/docs#save-url" rel="nofollow noreferrer"&gt;/save_url&lt;/A&gt; endpoint works effectively the same way as the Saver, but the &lt;A href="https://www.dropbox.com/developers/core/docs#files_put" rel="nofollow noreferrer"&gt;/files_put&lt;/A&gt; endpoint takes the data directly from the API client. Both of the API calls require an access token for the user account.&lt;/P&gt;</description>
      <pubDate>Thu, 06 Aug 2015 23:27:42 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Saver-Drop-in-authentication-for-download-files/m-p/27387#M784</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2015-08-06T23:27:42Z</dc:date>
    </item>
  </channel>
</rss>

