cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Able to download non shared files using API

Labels:

Able to download non shared files using API

TC888
Explorer | Level 3
‎07-21-2022 04:28 PM

I need to build a simple tool for downloading shared files that can run as a cron job, so I'm learning the API and Java SDK.  In my tinkering, I've encountered some behavior that I don't understand.  I created an account using my work email, then created an app with that account and genreated a token.  Then, in a different browser, I created another account using my personal email and put a couple test files there.  Using the Java SDK and the access token I generated from my work account, I was able to download files from my personal account that were not shared.  There was nothing in my code that would identify me as the owner of that account, so I don't see how that should be possible.  Is this a bug?  Was it able to identify me by my IP?  Is the link generated by "copy link" usable by anyone without authentication?  Just trying to get my head around this.

Labels:
  • 0 Likes
  • 3 Replies
  • 369 Views
0 Likes
3 Replies 3

Здравко
Legendary | Level 20
‎07-21-2022 07:22 PM
@TC888 wrote:

...  Is this a bug?  ...

Hi @TC888,

If you can access non shared file in such a way that for sure would be a bug. Is the file non shared really? 🤔 Taking in account following:

@TC888 wrote:

...  Is the link generated by "copy link" usable by anyone without authentication? ...

Most probably you are talking here for a shared link. If so, Yes - that's the idea of shared link - providing access to particular resource (file/folder) without account authentication. 😉 Clarify to yourself what actually you are doing! Shared link associated resource can be downloaded with App Authentication, without account authentication.

Hope this helps.

0 Likes

Greg-DB
Dropbox Staff
‎07-21-2022 07:49 PM

@TC888 It seems like Здравко has figured this out. It sounds like the link you are referring to is a "shared link", which can be accessed by other accounts by default. This is a sharing feature that allows one user to share files or folders with other users just via that link.

 

Here are some guides that may be helpful:

0 Likes

TC888
Explorer | Level 3
‎07-22-2022 10:25 AM

Ok, that makes sense.  Thanks for the help.

0 Likes
Need more support?