cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in learning how media industry leaders use Dropbox Replay? Register for our webinar here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Simple Web App for getting info about a Dropbox Folder Content or File but Authorisation says NO??

Simple Web App for getting info about a Dropbox Folder Content or File but Authorisation says NO??

eni8ma
Explorer | Level 4
Go to solution

Hey there all!

I am quite new to all this. However I have working on a Webflow site that uses xano for the database and wized to run API calls and javascript functionality. 

I am on a Business Plus Account

 

So I was very excited that I could use API calls such as 2/files/list_folder to get a list of content within a directory. I was generating the token and found it strange that I had to keep renewing it but after a quick search I did see you could resolve this.

However now I am actually to implement this and its very difficult for starters but looks its made to prevent my use case since it requires the user to authenticate itself through Dropbox website.

Now as mentioned this is a team space and this is an internal web app. I would ideally like to have the authorisation done in the backend. Not pushing the user to authenticate themselves to see the contents of the files through my web app. 

I am happy to use any method that would enable this. I did see something about 'offline' access but I dont fully understand this. Could anyone please point me towards the right direction?

Kind regards

1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
Go to solution

Hi @eni8ma,

Yes, it's possible to pre-generate needed data (primarily refresh token) and latter use it. Keep in mind that you have to avoid credentials exposing (either access or refresh token) while your application works (that would be security issue). Take care with that part of design! Example of refresh token generation by yourself may be seen here. Once you have it, you can initialize one of Dropbox SDKs of your choice and proceed further without further user interaction. Also, you can perform API calls on your own (without official SDK), but you should take care to refresh access token as described (all SDKs do this internally) - the choice is yours. 😉

Hope this clarifies matter.

View solution in original post

16 Replies 16

Здравко
Legendary | Level 20
Go to solution

Hi @eni8ma,

Yes, it's possible to pre-generate needed data (primarily refresh token) and latter use it. Keep in mind that you have to avoid credentials exposing (either access or refresh token) while your application works (that would be security issue). Take care with that part of design! Example of refresh token generation by yourself may be seen here. Once you have it, you can initialize one of Dropbox SDKs of your choice and proceed further without further user interaction. Also, you can perform API calls on your own (without official SDK), but you should take care to refresh access token as described (all SDKs do this internally) - the choice is yours. 😉

Hope this clarifies matter.

Greg-DB
Dropbox Staff
Go to solution

@eni8ma Здравко is correct; for long-term unattended access, you should request offline access in order to get a refresh token. This only needs to be authorized by the user once manually. Refer to the following resources for more information:

eni8ma
Explorer | Level 4
Go to solution

Thank you so much for your response! 

This gives me hope indeed, looks like I could actually implement this. Will try it out and thanks for the link, there is quite a in depth tutorial to do this so again thanks!

eni8ma
Explorer | Level 4
Go to solution

Ok, it does make sense so I can just do the initial setup and let the refresh tokens run periodically. Thanks for the links!

eni8ma
Explorer | Level 4
Go to solution

Hello again, I was hoping you help with trying to get this to work a bit.

I keep getting the following error: {"error":"unsupported_grant_type","error_description":"missing required field \"grant_type\""}

I tried a few different options with the help of Chat GPT but it keeps giving me this, my app key and secret are valid also my access code has been generated and its entered correctly too!

CleanShot 2024-05-16 at 18.28.26@2x.png


Здравко
Legendary | Level 20
Go to solution

@eni8ma, You don't need to implement that part if it isn't needed on client side. So skip that part and use curl instead.

It's not a good idea usage of any AI, by the way!!! Does your own intelligence miss? 🙂😁😉

eni8ma
Explorer | Level 4
Go to solution

Yes I actually gave up on it and used an online curl command runner. I have received the refresh token alongside a 4 hour access token and then I tried to refresh the access token using again the online curl editor and it worked but please just to confirm now that I have the refresh token this can be used to refresh tokens and does not expire right? Therefore I would not need to authorise my app again. 

I know I should not rely on AI but it has helped with some issue but in some cases it can point you in the wrong direction for sure 😂

I hope I can learn more as I do need to have the refresh function running on my platform to give me new access tokens. Am gonna try now to see if I can get the function to work in the Javascript in wized!

Здравко
Legendary | Level 20
Go to solution

Refresh token doesn't expire; only access token expire.

For regular API calls only access token may be used! SDK client may be initialized with refresh token - it acquires access token as needed when initialized properly.

eni8ma
Explorer | Level 4
Go to solution

Thank you guys I have managed to get this working but I do have another question on this topic.

--header "Authorization: Basic NmZoNnl5ZmNh.......

 
So from the developer tools I have managed to test some APIs however before i was always using the sl ....... token which I had to specify the user - Dropbox-API-Select-User and path the path root Dropbox-API-Path-Root. 

This token from the documentation page Basic NmZoNnl5ZmN.... seem to work fine without refreshing it. So my question whats the difference and which one should I be using.

My use case would be to access the Shared Workspace Folders and Contents not the user specific folders?

Thanks!

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    eni8ma Explorer | Level 4
  • User avatar
    Здравко Legendary | Level 20
What do Dropbox user levels mean?