cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Access without an "app"

Labels:

Access without an "app"

mbm123
Explorer | Level 4
‎08-18-2021 11:21 AM
Go to solution

Hey,

I was wondering if it is possible to access a dropbox account without the token generated in the app console.

What I mean is, can I use an api on my python script that will query an input dropbox account (and password obviously) for files and then retrieve it?

 

As far as i've seen, I can only connect via the token to the account that generated it.

 

Thank you

Labels:
  • 0 Likes
  • 19 Replies
  • 2,776 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎08-23-2021 01:31 PM
Go to solution

Yes, that's correct.

View solution in original post

19 Replies 19

avstudio
Explorer | Level 4
‎08-18-2021 11:43 AM
Go to solution

I think it is possible, I access to my account from the computer without any verification code, maybe if you look up in your profile page in settings > Security, there are many options to try. 

0 Likes

Greg-DB
Dropbox Staff
‎08-18-2021 12:05 PM
Go to solution

@mbm123 Performing Dropbox API calls, such as to list and download files from a Dropbox account, does require an access token; they can't be performed using the account username and password directly.

0 Likes

mbm123
Explorer | Level 4
‎08-19-2021 12:01 AM
Go to solution
 
0 Likes

Greg-DB
Dropbox Staff
‎08-19-2021 06:24 AM
Go to solution

@mbm123 Third party apps enable end-users to connect their Dropbox accounts by implementing the OAuth app authorization flow. This is a way for third party apps to ask the user to allow the app to access the user's account. When the user approves an app using this flow, the app is given an access token. You can find more information on how this flow works in the OAuth Guide and authorization documentation.

0 Likes

mbm123
Explorer | Level 4
‎08-19-2021 08:48 AM
Go to solution

Thank you for the answer, but let me stress this matter just a bit more 😉

 

Can I do that within a hosting server?

Webpage that wraps dropbox upload download.

 

Nothing malicious, just for home use.

0 Likes

Greg-DB
Dropbox Staff
‎08-19-2021 10:10 AM
Go to solution

@mbm123 It's not possible to perform the entire OAuth app authorization flow within your own app only. The user needs to be sent to Dropbox to indicate to Dropbox whether or not they want to authorize the app. If they do approve it, Dropbox itself then generates the token(s).

 

Note though that you only need to do this once per user. The app can store and re-use the resulting access/refresh tokens without further manual interaction.

0 Likes

mbm123
Explorer | Level 4
‎08-19-2021 11:38 AM
Go to solution

So it should be possible for me to ask a user to register with username and password, redirect it as a query for dropbox in order to generate a permanent token, save this token and use it later to download/upload files for this user?

 

could this operation be restricted to a specific path?

for example, if i want to share FAMILY folder from my dropbox (/FAMILY/), and do so for my other family members, they just need to "login" on my webpage with their dropbox credentials, then i do the token thing mentioned above?

0 Likes

Greg-DB
Dropbox Staff
‎08-19-2021 01:24 PM
Go to solution

@mbm123 Assuming you're referring to the username/password for your own app (that is, your app should never request or handle Dropbox username/passwords directly), yes, you can have the user log in to your own app, and then send them through the Dropbox app authorization flow to request access to their Dropbox account. Once they do so, you would use the resulting access token/optional refresh token to later make API calls for their account, such as to upload/download files.

 

(Note that if you only need to access your own account, you could just use your own access/refresh token instead of having each user add the shared folder to their own account and authorize the app to access their account. Note that you shouldn't expose your access/refresh token to other users though, so in this case you should make sure to only keep the token(s) on the server and not exposed to the client.)

 

Dropbox does not offer the ability to grant an app/access token access to specific existing folder(s) only, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though. 

For reference, the "Dropbox API" currently offers two levels of file access: "app folder" and "full Dropbox". Access tokens for apps with the app folder access type can only access the contents of the special app folder created for the app in the connected account. App folders can't be set to existing folders or combined with shared folders or team folders though.

Access tokens for apps with the full Dropbox access can access anything in the connected account, including shared folders. You can find more information about the different permissions here.

mbm123
Explorer | Level 4
‎08-19-2021 01:35 PM
Go to solution

That's a lot of information, thank you very much, also for the initiative to forward my humble suggestion.

 

I will get more familiar with the api and the documentation you linked and further this discussion (or open a new thread?) once deeper questions arouse.

 

Thank you once again.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    vimala_palanisamy22 Explorer | Level 3
What do Dropbox user levels mean?