Uploading to our Dropbox using API?

pscs · ‎12-19-2018

Is this possible?

We want users of our software to be able to upload diagnostic information (logs etc) to our Dropbox simply - eg by clicking a button in our software - so that we an use that information to help them. I wouldn't have thought this would be that unusual an idea.

I'm not sure that's something that the API/authentication system is set up to allow, but I may be missing something.

We don't want users to have to have their own Dropbox accounts, and we don't want to be putting full-access authentication keys into our software that could be used to download other users' logs. So, we'd want an 'upload only' authentication method, but I can't see that that's possible at the moment.

Is that correct that it's not really feasible, or is there some way to do this?

The 'File Request' system (not API) looked like it may be helpful, but I can't see any way to automate the uploads to that.

The only way I've thought around this would be for our software to upload the data to our website first, and then for our website to upload to Dropbox (because it's OK to store the authentication details on our webserver where users don't have access). But, that seems overly complicated for something that should really be straightforward.

Greg-DB · ‎12-19-2018

The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons. It sounds like you already have a good idea of the risks with doing so, i.e., a malicious user could extract the access token and read other files, etc. Routing this through your own server as you mentioned would be a workaround for this.

I'll send this along as a feature request for a safe way to do this directly, but I can't promise if or when this would be implemented.

View solution in original post

Greg-DB · ‎12-19-2018

The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons. It sounds like you already have a good idea of the risks with doing so, i.e., a malicious user could extract the access token and read other files, etc. Routing this through your own server as you mentioned would be a workaround for this.

I'll send this along as a feature request for a safe way to do this directly, but I can't promise if or when this would be implemented.

pscs · ‎12-20-2018

Thanks. That's what I suspected.

It would be nice if there was 'anonymous upload' type functionality - even if it's just based off the 'request files' function which seems to be almost what is needed - if only the uploads could be automated using the request URL.

Greg-DB · ‎12-20-2018

Thanks for the feedback!

By the way, I should also mention the /2/files/get_temporary_upload_link functionality. That would still require you to use your own server to make the API call itself, as it requires an access token, but it would at least enable the client to then upload directly to Dropbox without sending the data through your server. (Note that it's still only in preview though.)

Uploading to our Dropbox using API?

Uploading to our Dropbox using API?

Top contributors to this post