<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Obtaining short lived API Access tokens in Discuss Dropbox Developer &amp; API</title>
    <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581167#M2444</link>
    <description>&lt;P&gt;Thanks for the quick answer! The flow is a lot clearer to me now.&amp;nbsp; Is it possible to change the "oauth2/authorize_submit" page to refer to the code it returns as an Authorization code instead of an Access code? &amp;nbsp; &amp;nbsp; It is a small thing but I'm probably not the only one wondering where an "Access code" should be used and where/how I could obtain an "Authorization code".&lt;/P&gt;</description>
    <pubDate>Wed, 02 Mar 2022 23:11:57 GMT</pubDate>
    <dc:creator>MN86</dc:creator>
    <dc:date>2022-03-02T23:11:57Z</dc:date>
    <item>
      <title>Obtaining short lived API Access tokens</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581131#M2442</link>
      <description>&lt;P&gt;Hello, I'm struggling with the process of obtaining/refreshing short lived tokens. I have a remote camera that will occasionally upload a picture using HTTP over the cellular network. The API works but of course the token generated in the App console times out so ... I dived into the documentation.&amp;nbsp; Many many hours later I'm possibly more confused than ever. I'm working mainly from:&amp;nbsp; "developers/documentation/http/documentation"&lt;/P&gt;
&lt;P&gt;I believe what I need to do is this:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Example: Auth URL for code flow with offline token access type&lt;/P&gt;
&lt;P&gt;"&lt;A href="https://www.dropbox.com/oauth2/authorize?client_id=" target="_blank" rel="noopener"&gt;https://www.dropbox.com/oauth2/authorize?client_id=&lt;/A&gt;&amp;lt;APP_KEY&amp;gt;&amp;amp;token_access_type=offline&amp;amp;response_type=code"&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;which I have done and eventually got an "Access Code" which I think will be used by the camera to request a short lived token.&lt;/P&gt;
&lt;P&gt;I'm guessing that&amp;nbsp; every time the camera has a picture to upload, it will first have to send a request for a new token using the Access code? Am I right in thinking this access code will "live forever" unless I revoke/cancel/destroy it?&lt;/P&gt;
&lt;P&gt;I tried to request a token with the method "Example: access token request in code flow"&amp;nbsp; but had no success.&lt;/P&gt;
&lt;P&gt;Am I on the right track or hopelessly in the weeds?&lt;/P&gt;
&lt;P&gt;I hope I don't need to worry about Redirect URIs&lt;/P&gt;
&lt;P&gt;The token request examples all use curl which introduces another level and failure point for me and my camera&amp;nbsp; app.&lt;/P&gt;
&lt;P&gt;I tried converting it to HTTP and an error there could by my problem.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 03 Mar 2022 08:55:33 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581131#M2442</guid>
      <dc:creator>MN86</dc:creator>
      <dc:date>2022-03-03T08:55:33Z</dc:date>
    </item>
    <item>
      <title>Re: Obtaining short lived API Access tokens</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581139#M2443</link>
      <description>&lt;P&gt;For context, Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find &lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens" target="_blank" rel="noopener noreferrer"&gt;more information on this migration here&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. (Refresh tokens don't expire, but can be revoked on demand.) You can find more information in the &lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank" rel="noopener noreferrer"&gt;OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_blank" rel="noopener noreferrer"&gt;authorization documentation&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To clarify what you have so far though, the code returned from /oauth2/authorize when using 'response_type=code' like this is an "authorization code", which is different than an "access token" or "refresh token". Authorization codes are temporary, single-use codes that the app should use once to retrieve the authorization result (which would be an access token and optionally a refresh token).&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;And yes, using a redirect URI is optional with this 'response_type=code' flow. When the redirect URI is omitted, the authorization code is just presented on the Dropbox web page so it can be copied/pasted back into the app manually.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;So, to summarize, the flow would look like this:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;the app builds the /oauth2/authorize URL ("Example: Auth URL for code flow with offline token access type")&lt;/LI&gt;
&lt;LI&gt;the user visits the /oauth2/authorize URL in their browser and authorizes the app&lt;/LI&gt;
&lt;LI&gt;the user copies the authorization code back into the app&lt;/LI&gt;
&lt;LI&gt;the app sends the authorization code to /oauth2/token and receives back a short-lived access token and refresh token ("Example: access token request in code flow")&lt;/LI&gt;
&lt;LI&gt;the app makes calls using the short-lived access token until it expires&lt;/LI&gt;
&lt;LI&gt;the app sends the refresh token to /oauth2/token and receives back another short-lived access token, whenever and as many times as necessary in the future ("Example: refresh token request")&lt;/LI&gt;
&lt;/UL&gt;</description>
      <pubDate>Wed, 02 Mar 2022 21:55:08 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581139#M2443</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-03-02T21:55:08Z</dc:date>
    </item>
    <item>
      <title>Re: Obtaining short lived API Access tokens</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581167#M2444</link>
      <description>&lt;P&gt;Thanks for the quick answer! The flow is a lot clearer to me now.&amp;nbsp; Is it possible to change the "oauth2/authorize_submit" page to refer to the code it returns as an Authorization code instead of an Access code? &amp;nbsp; &amp;nbsp; It is a small thing but I'm probably not the only one wondering where an "Access code" should be used and where/how I could obtain an "Authorization code".&lt;/P&gt;</description>
      <pubDate>Wed, 02 Mar 2022 23:11:57 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581167#M2444</guid>
      <dc:creator>MN86</dc:creator>
      <dc:date>2022-03-02T23:11:57Z</dc:date>
    </item>
    <item>
      <title>Re: Obtaining short lived API Access tokens</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581298#M2446</link>
      <description>&lt;P&gt;Thanks for the note! I'll ask the team to fix up that text.&lt;/P&gt;</description>
      <pubDate>Thu, 03 Mar 2022 15:42:00 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Obtaining-short-lived-API-Access-tokens/m-p/581298#M2446</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-03-03T15:42:00Z</dc:date>
    </item>
  </channel>
</rss>

