Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

Getting separate Access Tokens for each Team Member in Business API

AlemoDaniel
Helpful | Level 6
  1. Is it possible to get a separate access token for each team member in the Business API?
  2. Can the team members authenticate themselves to enable an app to access team-shared folders? (Maybe when a team admin has authenticated the app already or not)
  3. How do I properly get the correct user ID (for the select_user param), preventing them from accessing other members' private folders but allowing access to their own?
Accepted Solutions

Greg-DB
Dropbox Staff

1. No, the API doesn't offer a way to get separate member-specific access tokens for a Dropbox Business API app, but I'll pass this along as a feature request.

2. If the app is registered for the "Dropbox API" with the "Full Dropbox" permission, it can be authorized by any user (whether on a team or not, and whether a team admin or not) and the app will be able to access anything that user can access (e.g., including team content that they have access to.)

If the app is registered for the "Dropbox Business API" with the "Team member file access" permission, it can only be authorized by a team admin and the app will be able to access any team content. Non-admin members cannot authorize Business API apps.

3. Dropbox Business API apps can list all team members using /2/team/members/list[/continue], or look up specific members, e.g., via email address, using /2/team/members/get_info. In either case, the returned TeamMemberInfo will contain the team_member_id that you can use with the 'Dropbox-API-Select-User' header.

Note that the access token for a "Dropbox Business API" app with the "Team member file access" permission can access any team content, so it should not be exposed to non-admin members, and you should implement the logic in your app to only allow access to team content to non-members via your app itself to the extent intended as necessary.
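Added example (not part of the original answer, and not Dropbox's code): one way to keep the team token server-side and act only for the member your own login system has verified, using the two endpoints and the header named above. `MemberBroker`, `fake_post`, the sample email and member ID, and the `acting_as` field are constructed for illustration; the get_info response shape is assumed from the Dropbox API documentation.

```python
import json

API = "https://api.dropboxapi.com/2"

class MemberBroker:
    """Holds the team token server-side and acts only for the signed-in member."""

    def __init__(self, team_token, post):
        self._token = team_token   # never handed to browsers or team members
        self._post = post          # post(url, headers, body) -> (status, parsed JSON)
        self._ids = {}             # verified email -> team_member_id

    def _auth(self):
        return {"Authorization": "Bearer " + self._token,
                "Content-Type": "application/json"}

    def member_id(self, email):
        if email not in self._ids:
            body = json.dumps({"members": [{".tag": "email", "email": email}]})
            status, items = self._post(API + "/team/members/get_info", self._auth(), body)
            if status != 200 or items[0].get(".tag") != "member_info":
                raise PermissionError("not a member of this team")
            self._ids[email] = items[0]["profile"]["team_member_id"]
        return self._ids[email]

    def list_own_folder(self, session_email, path=""):
        # session_email comes from your own login session, never from request input.
        headers = self._auth()
        headers["Dropbox-API-Select-User"] = self.member_id(session_email)
        status, result = self._post(API + "/files/list_folder", headers,
                                    json.dumps({"path": path}))
        if status != 200:
            raise RuntimeError("list_folder failed with HTTP %d" % status)
        return result["entries"]

def fake_post(url, headers, body):
    """Constructed stand-in for the HTTPS transport so the example runs offline."""
    team = {"ann@example.com": "dbmid:CONSTRUCTED-ann"}
    if url.endswith("/team/members/get_info"):
        email = json.loads(body)["members"][0]["email"]
        if email in team:
            return 200, [{".tag": "member_info",
                          "profile": {"team_member_id": team[email]}}]
        return 200, [{".tag": "id_not_found", "id_not_found": email}]
    # "acting_as" is a constructed field that echoes the selected member.
    return 200, {"entries": [{"name": "notes.txt",
                              "acting_as": headers["Dropbox-API-Select-User"]}]}
```

The member ID is always derived from the verified session identity, so a client cannot choose whose files the team token is used on.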

AlemoDaniel
Helpful | Level 6
Thank you for your answer.

Regarding question 2: As it appears to me in the namespace guide (https://www.dropbox.com/developers/reference/namespace-guide), I need to use two API requests to fetch a team user's root directory:

  1. Get root Namespace id via users/get_current_account
  2. Get folder list via files/list_folder using the root namespace id

Is there a way to get the root folder directly without having to supply a namespace id?

Greg-DB
Dropbox Staff
No, there isn't a way to do this in one call. You need to supply the root ID.

This is in order to prevent calls in unexpected namespaces, e.g., in case the user changes teams:

"The intent of the root mode is to guarantee the namespace_id specified as the root is indeed the root for that user. The namespace ID for a user's "root" can change if the user joins/leaves/changes teams. This mode will test whether the namespace ID passed in as the root is the correct root namespace for the user. If this value does not match the users root_namespace_id , a 422 error will be returned."
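Added example (not part of the original thread, and not Dropbox's code): the two-call sequence discussed above, with a cached root namespace ID that is refreshed once when root mode answers 422. The `Dropbox-API-Path-Root` header and the `root_info` field are taken from the namespace guide rather than from this thread; `list_root`, `FakeDropbox` and the namespace IDs 111 and 222 are constructed for illustration.

```python
import json

API = "https://api.dropboxapi.com/2"

def list_root(post, headers, cached_root=None):
    """Return (root_namespace_id, entries); refresh a stale cached root once."""
    for _ in range(2):
        if cached_root is None:
            # Step 1: ask which namespace is currently this user's root.
            status, account = post(API + "/users/get_current_account", headers, None)
            if status != 200:
                raise RuntimeError("get_current_account failed with HTTP %d" % status)
            cached_root = account["root_info"]["root_namespace_id"]
        # Step 2: list "" relative to that root; root mode verifies the ID.
        hdrs = dict(headers)
        hdrs["Dropbox-API-Path-Root"] = json.dumps({".tag": "root", "root": cached_root})
        status, result = post(API + "/files/list_folder", hdrs, json.dumps({"path": ""}))
        if status == 200:
            return cached_root, result["entries"]
        if status != 422:
            raise RuntimeError("list_folder failed with HTTP %d" % status)
        cached_root = None  # 422: the user's root changed, look it up again
    raise RuntimeError("root namespace changed again during retry")

class FakeDropbox:
    """Constructed offline transport: the user's root is now namespace 222."""
    def __init__(self):
        self.current_root = "222"
        self.calls = []

    def post(self, url, headers, body):
        self.calls.append(url.rsplit("/", 1)[-1])
        if url.endswith("/get_current_account"):
            return 200, {"root_info": {"root_namespace_id": self.current_root}}
        asked = json.loads(headers["Dropbox-API-Path-Root"])["root"]
        if asked != self.current_root:
            return 422, {"error_summary": "constructed mismatch"}
        return 200, {"entries": [{"name": "Team Folder"}]}
```

Caching the root ID saves the first call on most requests, and the 422 check is what keeps a stale ID from being used after the user joins, leaves or changes teams.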