cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Will there be an "&" in Token string?

Labels:

Will there be an "&" in Token string?

D658
Explorer | Level 3
‎08-06-2019 12:34 AM
Go to solution


Hi, there.

I am building a http connection with Dropbox, and I am using "post" to post data to https://content.dropboxapi.com

For now, my code is working.

1):But I want to ask, if there is any & character in Token string?
Because I am also using simple methods "post" and "get" to store and read Token in/from the database.
"post" and "get" methods are using & character too.

2): In the "create app" page, if I click twice the button "Generate", will the first generated token be invalid?
Can I use the two Token at the same time?

3): Is the Token the only thing I need, to access my own account?
I don't understand the work flow of https.
Should I download or provide any CA certification when the https connection (before sending the Token to dropbox server) is initialized?
Or after some uploads, will there be more auth or verification?

My code is something like this, for now, it is working.

POST /2/files/upload
Host: https://content.dropboxapi.com
User-Agent: api-explorer-client
Authorization: Bearer myToken
Content-Type: application/octet-stream
Dropbox-API-Arg: {"path":"/Apps/myAPP88289/a.jpg","mode":{".tag":"add"},"autorename":true,"mute":true,"strict_conflict":true}
Content-Length: 571313

--- (content of 2018-09-18_230651_393.jpg goes here) ---

Thank you very much..

Labels:
  • 0 Likes
  • 2 Replies
  • 1,264 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎08-06-2019 08:31 AM
Go to solution

1) We don't have a documented guarantee of the exact format of Dropbox OAuth 2 access tokens, but the current implementation does not use "&". 

2) You can create and use multiple access tokens for the same app-user pair. Clicking "Generate" a second time will not invalidate the first access token.

3) An access token is all that is required to access an account, to the extent allowed by the corresponding app's permission level. You do not need to provide any additional information or certificate. Note that all Dropbox API calls do require TLS (i.e., as you can see from the https:// in your call, for instance), but that is all generally handled automatically for you.

Dropbox API OAuth 2 access tokens currently don't expire automatically, though they can be revoked.

Users can manually revoke tokens themselves, e.g. via:

https://www.dropbox.com/account/connected_apps

Apps can also revoke access tokens via:

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke

This being the case, you only need to process the authorization once, and save the access token for all future calls for that user. If an existing access token is invalid, (in which cases calls will return 401) you should prompt the user to re-authorize your app.

View solution in original post

0 Likes
2 Replies 2

Greg-DB
Dropbox Staff
‎08-06-2019 08:31 AM
Go to solution

1) We don't have a documented guarantee of the exact format of Dropbox OAuth 2 access tokens, but the current implementation does not use "&". 

2) You can create and use multiple access tokens for the same app-user pair. Clicking "Generate" a second time will not invalidate the first access token.

3) An access token is all that is required to access an account, to the extent allowed by the corresponding app's permission level. You do not need to provide any additional information or certificate. Note that all Dropbox API calls do require TLS (i.e., as you can see from the https:// in your call, for instance), but that is all generally handled automatically for you.

Dropbox API OAuth 2 access tokens currently don't expire automatically, though they can be revoked.

Users can manually revoke tokens themselves, e.g. via:

https://www.dropbox.com/account/connected_apps

Apps can also revoke access tokens via:

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke

This being the case, you only need to process the authorization once, and save the access token for all future calls for that user. If an existing access token is invalid, (in which cases calls will return 401) you should prompt the user to re-authorize your app.

0 Likes

D658
Explorer | Level 3
‎08-06-2019 10:27 PM
Go to solution

You saved me. Thank you very much.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    D658 Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?