cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Mobile Application(IOS and Android)

Mobile Application(IOS and Android)

ZeeshanFayyaz_1
Helpful | Level 6
Go to solution

Hi there, currently i am working on mobile application for an organization whose requirement are as follow 
1. All employees have installed company app on their smart phone i-e android and ios. With which they are able to upload videos, images and text files to the company dropbox account that the company have purchased 
 "I have not worked with dropbox api before and i don't know which endPoint has to be called to accomplish the task or does dropbox has support for this or not"
So thats why need your attention or if anybody has implemented this before so they can guide me through this.
Thanks in advance.

 

2 Accepted Solutions

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

The issue is that client-side applications can't keep secrets, meaning that any access token stored in a distributed app, or even just sent to the app at any time, could be extracted. That means that a malicious user could get the access token, and use it to access the Dropbox API directly, bypassing any access controls your app attempted to enforce. (E.g., they could download files.)

However, if you have your own server and are willing to use that as an intermediary, you do have more options. You could have the app call to your server, and have your server call the Dropbox API. That way, you can protect your access token on the server.

In that case, you can either:

a) have the mobile apps upload to your server, and then have the server upload to Dropbox (e.g., to /2/files/upload).

b) have the mobile apps call your server, have the server call /2/files/get_temporary_upload_link, and return the resulting upload link to the app. The app could then upload directly to Dropbox using the link. (Note that /2/files/get_temporary_upload_link is still in preview though.)

View solution in original post

ZeeshanFayyaz_1
Helpful | Level 6
Go to solution

Thanks for your time, Actually i was busy these days that why i am writing late to you. I have noticed the main point here, i have found your answer very helpful i will discuss these points with the organization i am working and get back to you, for now i am marking your answer as "Best Answer". Once again Thanks for your time

View solution in original post

7 Replies 7

Jay
Dropbox Staff
Go to solution
Heya, just so you know I’ve moved your post to the API forum for our specialist to help out!

Jay
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, give it a Like below to let us know.
:arrows_counterclockwise: Need help with something else? Ask me a question!
:pushpin: Find Tips & Tricks Discover more ways to use Dropbox here!
:arrows_counterclockwise: Interested in Community Groups? Click here to join!

Greg-DB
Dropbox Staff
Go to solution

Dropbox does offer an API you can use for programmatically uploading files, among other operations. You can find everything you need to get started with the Dropbox API, including documentation, tutorials, and SDKs here:

https://www.dropbox.com/developers

For example, to upload files, you can use /2/files/upload:

https://www.dropbox.com/developers/documentation/http/documentation#files-upload

That's a link to the documentation for the HTTPS endpoints themselves, but we recommend using one of the official SDKs:

https://www.dropbox.com/developers/documentation

We offer both Objective-C and Swift SDKs for iOS, and a Java SDK for Android. Those have corresponding native methods for the HTTPS endpoints. 

ZeeshanFayyaz_1
Helpful | Level 6
Go to solution

Thanks for your support, I have read the stuff that you shared. but as i understand here is that it allows me to upload files only to users account, but i didn't need that
My requirement is as follow
let me alaborate it with a example, Suppose there is company named ABC, and the company have 20 employee working. Company ABC has a dropbox account(preferable paid) and what company needs is that all of the employees have company app(i-e android and ios)  on their smart Devices. 
App Functionality:
     Allow its user to upload files to company dropbox account that's all. 

Now according to endpoints they need a "Access Token" to upload files.  How to get that as i understand it is token generated when user sign in the app or there is a way that i save company credentials in the app permanently and get access token by calling any endpoints which returns me accessToken for that account

 

Greg-DB
Dropbox Staff
Go to solution

I see, thanks for clarifying. 

The API was designed with the intention that each user would link their own Dropbox account though, in order to interact with their own files. It is technically possible to connect to just one account like you describe, but we don't recommend doing so, for various technical and security reasons, especially in client-side apps like on iOS or Android.

Doing so would involve embedding an access token for the desired account in the app itself. A malicious user could then extract that access token from the app though.

ZeeshanFayyaz_1
Helpful | Level 6
Go to solution

what if i call my custom api for access token then use that token for to upload files
Another point here is "We are only providing to upload files functionality not to fetch it again"

Greg-DB
Dropbox Staff
Go to solution

The issue is that client-side applications can't keep secrets, meaning that any access token stored in a distributed app, or even just sent to the app at any time, could be extracted. That means that a malicious user could get the access token, and use it to access the Dropbox API directly, bypassing any access controls your app attempted to enforce. (E.g., they could download files.)

However, if you have your own server and are willing to use that as an intermediary, you do have more options. You could have the app call to your server, and have your server call the Dropbox API. That way, you can protect your access token on the server.

In that case, you can either:

a) have the mobile apps upload to your server, and then have the server upload to Dropbox (e.g., to /2/files/upload).

b) have the mobile apps call your server, have the server call /2/files/get_temporary_upload_link, and return the resulting upload link to the app. The app could then upload directly to Dropbox using the link. (Note that /2/files/get_temporary_upload_link is still in preview though.)

ZeeshanFayyaz_1
Helpful | Level 6
Go to solution

Thanks for your time, Actually i was busy these days that why i am writing late to you. I have noticed the main point here, i have found your answer very helpful i will discuss these points with the organization i am working and get back to you, for now i am marking your answer as "Best Answer". Once again Thanks for your time

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    ZeeshanFayyaz_1 Helpful | Level 6
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?