I'd like to get feedback about whether my plan for using the APIs is a good fit for our use-case.
Our company produces files, and some of our customers who have "Dropbox for Healthcare" accounts want us to deliver files to their accounts.
Planned use of APIs:
1) Create a "basic" Dropbox account. Would uploads to this be covered by Dropbox's HIPAA BAA? How would we get a BAA from Dropbox?
2) Create one top-level folder per customer, and use a sharing API to invite a list of customer email addresses to the folder.
3) Every time we create a new file for a customer, auto-upload it to a path under their top-level folder.
4) If a recipient edits, renames, or deletes a file we delivered, we can safely ignore any API notifications because we don't need their edits.
Our expectation is that, once each customer recipient accepted their sharing invitation, they would place the shared folder whereever they want in their own folder structure, and whenever we upload a file to a shared folder, the invited users would silently receive a copy of the upload.
Is this plan the best use of the APIs for our use-case?