Your workflow is unique 👨💻 - tell us how you use Dropbox here.
Forum Discussion
Access token and revoke
To whom it may concer, 1. With the API version 2, will the api token get expired ever ? 2. Assuming I want to revoke the token by making a call to /auth/token/revoke. And then try to generate th...
Hi Greg,
Thanks for getting back to me and sorry for the late response. I understand the part that we need to have the token effectively expire and it is best to be stored on the app server, but for instance if I set the token to be a cookie and store on a user's browser and have it expires in 3 days, but somehow the token is exploited by accident and is being used by another different user before the token is expired. In another word, a token from user A is being used by user B (worse scenario). And if this happen, is there a way to validate this token when it's passed to the api to make sure the token belong to the correct user ?
Thanks
Thanks for getting back to me and sorry for the late response. I understand the part that we need to have the token effectively expire and it is best to be stored on the app server, but for instance if I set the token to be a cookie and store on a user's browser and have it expires in 3 days, but somehow the token is exploited by accident and is being used by another different user before the token is expired. In another word, a token from user A is being used by user B (worse scenario). And if this happen, is there a way to validate this token when it's passed to the api to make sure the token belong to the correct user ?
Thanks
Greg-DB
Dropbox Community Moderator
Dropbox Community ModeratorThanks for elaborating! No, the API doesn't offer anything quite like that. If the user has any reason to believe their browser and/or access tokens have been compromised though, they can revoke sessions and tokens on their account security page.
- Ah ok, thanks Greg.
About Dropbox API Support and Feedback
Get help with the Dropbox API from fellow developers and experts.
