Re: Uploading large files directly from web application.

AlexSeniorDev · ‎03-31-2020

Hi Guys

We have a simple form on our website with a fileupload UI using Dropzone.js.

When a file is dropped I use an ajax callback to fetch a URL from /get_temp_upload_link, send this back to Dropzone and the file is streamed directly to Dropbox. We do not want to handle the file upload server side as this will impact the site, we need the files straight to dropbox from the form.

From what Ive read there seems to be a file size limit using temp upload links of a few hundred MB, some of these files might be upwards of 60GB.

Dropzone has a file chunking abilty which i haven't tried yet. If its any good I might try to use this with the temp_upload endpoint. If this doesnt work though, how can I stream these large files straight from the browser without passing the access token to the client?

Greg-DB · ‎03-31-2020

[Cross-linking for reference: https://stackoverflow.com/questions/60952157/using-dropzone-to-upload-files-to-dropbox-via-upload-se... ]

Unfortunately, there isn't a good solution here. The Dropbox API offers the /2/files/get_temporary_upload_link functionality to enable client-side uploads without an access token like you mentioned, but it has the the same file size limit as /2/files/upload itself (officially 150 MB). Regardless of what kind of capability Dropzone has, the Dropbox API itself doesn't an equivalent way to upload larger files without having the access token client-side.

I'll pass this along as a feature request for a good way to do this, but I can't promise if or when that might be implemented.

AlexSeniorDev · ‎03-31-2020

I can see that Dropbox has an endpoint for upload sessions. Allowing files to be uploaded in chunks.

Its a shame that this functionality of accepting parts of a file and rebuilding it at the other end cant be included in the get_temp_upload_link endpoint as well.

Thanks for your reply.

knoppys · ‎04-16-2020

We came up with a solution.

Upload the files to an App folder, then make a final request to make a server side call to move the file to a secure location within Dropbox before removing the old one and thus keeping the app folder empty.

Greg-DB · ‎04-17-2020

@knoppys For reference, if your solution involves exposing the app folder access token client-side, we still wouldn't recommend this. Even if you remove the files from the app folder as soon as possible, someone with the access token could read any files while they do exist, or even after they're deleted by restoring them via /2/files/restore.

AlexSeniorDev · ‎04-17-2020

Would users still be able to restore the file even if I used the delete_permenantly end point?

Greg-DB · ‎04-17-2020

@AlexSeniorDev No, files can't be restored after being permanently deleted, such as via /2/files/permanently_delete. Note that /2/files/permanently_delete is only available to Dropbox Business API apps though.

AlexSeniorDev · ‎04-17-2020

Good to know, thanks Greg.
I know we already have a Business account so this should work fine.
Unless you know of any other way to post to the upload session endpoints from the client without including the access token.