
Dropbox API Support & Feedback


Access Token for Dropbox Business App


RGDev
Explorer | Level 3

I'm going to develop an application for a Dropbox for Business team. E.g. this will be a desktop application that searches content across all accounts in the organization.

And I'm slightly confused about the OAuth section parameters when creating the application.

As far as I understood, I have two options:

1. Get the Access Token programmatically via "Redirect URI" when the app first starts

2. Get the Access Token by clicking the "Generate" button (in the dev console when creating the app)

Eventually, I need to securely store this Access Token and use it to connect to the Dropbox team and team members.

Which option is preferable and more secure in my case (1 or 2)? Please advise.


6 Replies

Greg-DB
Dropbox Staff

The second option you mention, getting an access token by clicking the "Generate" button on the app's page, is only for getting an access token for your own account (i.e., the owner of the app).

If you need to allow arbitrary end-users to connect their own Dropbox accounts to your app, you'll need to implement the OAuth app authorization flow. (That's the first option you mentioned, though redirect URIs aren't always required.)

I recommend reading the OAuth guide for more information. You can find the Dropbox OAuth documentation here.
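As an added example (not part of either poster's replies), here is the OAuth code flow without a redirect URI for a desktop Business API app using the Dropbox .NET SDK, followed by per-member calls through DropboxTeamClient.AsMember. The environment variable names and the search query are assumptions, and the app is assumed to have the "team member file access" permission.

```csharp
// Added example, not code from the thread. DROPBOX_APP_KEY / DROPBOX_APP_SECRET
// and the query string are assumed names chosen for illustration.
using System;
using System.Threading.Tasks;
using Dropbox.Api;

class TeamSearchExample
{
    static async Task Main()
    {
        // Read credentials at run time so they are not compiled into the binary.
        string appKey = Environment.GetEnvironmentVariable("DROPBOX_APP_KEY");
        string appSecret = Environment.GetEnvironmentVariable("DROPBOX_APP_SECRET");

        // No redirect URI: Dropbox displays the authorization code to the team
        // admin, who pastes it back into the application.
        Uri authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(
            OAuthResponseType.Code, appKey, (string)null);
        Console.WriteLine("Open this URL as a team admin and approve the app:");
        Console.WriteLine(authorizeUri);
        Console.Write("Authorization code: ");
        string code = (Console.ReadLine() ?? "").Trim();

        OAuth2Response response =
            await DropboxOAuth2Helper.ProcessCodeFlowAsync(code, appKey, appSecret);

        // This token grants team-wide access: never log it, and persist it only
        // in an OS-protected credential store.
        var teamClient = new DropboxTeamClient(response.AccessToken);

        var page = await teamClient.Team.MembersListAsync();
        while (true)
        {
            foreach (var member in page.Members)
            {
                // AsMember returns a user-level client acting as that member.
                DropboxClient asMember = teamClient.AsMember(member.Profile.TeamMemberId);
                var result = await asMember.Files.SearchV2Async("quarterly report");
                Console.WriteLine($"{member.Profile.Email}: {result.Matches.Count} match(es)");
            }
            if (!page.HasMore) break;
            page = await teamClient.Team.MembersListContinueAsync(page.Cursor);
        }
    }
}
```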

RGDev
Explorer | Level 3

Thank you for the quick answer.

But it looks like the Access Token that was generated by clicking the "Generate" button also gives me access to all Dropbox accounts in the team.

At least, the DropboxTeamClient.AsMember method allows me to perform user endpoint methods.

 

Greg-DB
Dropbox Staff
Accepted Solution

Yes, for "Dropbox Business API" apps, the access tokens enable access to the entire team (and in particular, Dropbox Business API apps with the "team member file access" permission can operate on specific members, using DropboxTeamClient.AsMember). 

For "Dropbox API" apps, the access tokens enable access only to the individual account.

This works the same way regardless of how the access token was retrieved (i.e., OAuth flow vs. "Generate" button).

RGDev
Explorer | Level 3

In other words, are there no differences in how the Access Token for a Dropbox Business API app was received (OAuth flow or "Generate" button) from the viewpoint of security and common production approaches?

Greg-DB
Dropbox Staff

That's correct.

Again though, note that the "Generate" button can only be used to get an access token for your own account/team. If you are building your app for use by other teams, you do need to implement the OAuth flow in your app. Also, you should never share your own access token with others.

RGDev
Explorer | Level 3

Got it, thank you!
