cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you an educator? Well we want to hear from you, so check out some tools we think might help you out here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Application token key

Application token key

guymayor
Explorer | Level 4

Is it possible to get a token key only with APP_KEY and APP_SECRET without redirect_uri the authorizing URL that needes the user to open the URL in a new tab and copy-paste the code?

If not, can I assume that this code will never be expired?

1 Accepted Solution

Accepted Solutions

Re: Application token key

Greg-DB
Dropboxer

@guymayor Здравко is correct; the Dropbox API doesn't offer a way to upload files based only on the app key and secret. The app key and secret only identify the app itself. Making changes to an account, such as uploading files, requires authorization to access that account.

The Dropbox API doesn't offer any sort of "app account" or "app storage" where you can upload files outside of any specific user account, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though. 

To get an access token for a specific user account for the Dropbox API you need to send the user through the OAuth app authorization flow.

Likewise, to get an access token for an entire Dropbox Business team for the Dropbox Business API you need to send a team admin through the OAuth app authorization flow. If the Dropbox Business API app is registered for the "team member file access" permission, you can then use the resulting access token to access any member's account via the "member file access" feature documented here. The individual member doesn't need to additionally authorize the app, as it's been authorized for the entire team by a team admin.

Finally, an actual Dropbox API access token does not expire by itself, but it can be revoked by the user or app at any time. Also, note that "access tokens" are not the same as "authorization codes". Authorization codes are short-lived, single-use codes that can be exchanged for an access token.

View solution in original post

12 Replies 12

Re: Application token key

Здравко
Super Collaborator | Level 20

@guymayor wrote:

Is it possible to get a token key only with APP_KEY and APP_SECRET without redirect_uri the authorizing URL that needes the user to open the URL in a new tab and copy-paste the code?

...

Hi @guymayor,

APP_KEY and APP_SECRET represent the application identity, not to the user one! What kind of data, your application will get access to, if not directed to particular user?! That's what token key is for - linking your application instance to particular user profile/account. Of course, user should agree. :wink:


@guymayor wrote:

...

If not, can I assume that this code will never be expired?


If not deactivated in some way (either Dropbox, you or the user) - Yes. Otherwise - no.

Hope this helps.

Re: Application token key

guymayor
Explorer | Level 4


Hi @guymayor,

APP_KEY and APP_SECRET represent the application identity, not to the user one! What kind of data, your application will get access to, if not directed to particular user?! That's what token key is for - linking your application instance to particular user profile/account. Of course, user should agree. :wink:



Hey @Здравко Thanks for your answer, 

This is a dropbox for business application so I want the application to perform actions with admin permissions. do I have to link the application to a specific user?

I even want to see only the team_folders and not the personal ones if it's possible

Re: Application token key

Здравко
Super Collaborator | Level 20

As mentioned in API documentation:


For endpoints that accept performing actions on behalf of a team administrator using the Dropbox-API-Select-Admin header, files may be referenced using a namespace-relative path (e.g. "ns:123456/cupcake.png"). In this case, the namespace ID, "123456", would be the shared_folder_id or team_folder_id of the shared folder or the team folder containing the file or folder, and the path, "/cupcake.png", would be the logical path to the content relative to its shared folder or team folder container.

For more information take a look on Dropbox Business API documentation.

Re: Application token key

guymayor
Explorer | Level 4

Yes, I saw this on the API, the question is if the admin id that is set in Dropbox-API-Select-Admin header must be linked to the token key?

Re: Application token key

Здравко
Super Collaborator | Level 20

I'm not sure what you really ask. Dropbox authorization is based on token keys, so such key is something mandatory.

Re: Application token key

guymayor
Explorer | Level 4

I'll rephrase the question,

Is it possible to use API methods that support Dropbox-API-Select-Admin header as authentication like files-upload with a token key that being generated only by app_ket and app_secert (without user approval)

Re: Application token key

Здравко
Super Collaborator | Level 20

:grinning::slight_smile: Read more carefully files-upload info, you have referred above. Is there any info about using this API point without token (what info will be accessed in such case)?! :thinking: Read again, more carefully, my first post in this thread. :wink:

Re: Application token key

guymayor
Explorer | Level 4

I'm not sying access without a token, I just want to get a token without a user approval

 
 
 
 
 

Re: Application token key

guymayor
Explorer | Level 4

I'm not sying access without a token, I just want to get a token without a user approval

Poll
We love to learn from the educators who use Dropbox. Whether you teach kids, teens, adults or a combination of all three, we want to know what apps and integrations you use with Dropbox to help with teaching. Which of the ones below is your favorite, or most used tool?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropboxer
  • User avatar
    guymayor Explorer | Level 4
  • User avatar
    Здравко Super Collaborator | Level 20
What do Dropbox user levels mean?
Need more support?