cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Application token key

Application token key

guymayor
Explorer | Level 4
Go to solution

Is it possible to get a token key only with APP_KEY and APP_SECRET without redirect_uri the authorizing URL that needes the user to open the URL in a new tab and copy-paste the code?

If not, can I assume that this code will never be expired?

12 Replies 12

Здравко
Legendary | Level 20
Go to solution

No way.

If you install a mail application, for example, is there a way this app can access your mailbox without your consent?! :grin: Would you be glad in such a situation?!

guymayor
Explorer | Level 4
Go to solution

1. As I said before, I don't want to access into private folders.

2. this is can be done on OneDrive API

 

Greg-DB
Dropbox Staff
Go to solution

@guymayor Здравко is correct; the Dropbox API doesn't offer a way to upload files based only on the app key and secret. The app key and secret only identify the app itself. Making changes to an account, such as uploading files, requires authorization to access that account.

The Dropbox API doesn't offer any sort of "app account" or "app storage" where you can upload files outside of any specific user account, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though. 

To get an access token for a specific user account for the Dropbox API you need to send the user through the OAuth app authorization flow.

Likewise, to get an access token for an entire Dropbox Business team for the Dropbox Business API you need to send a team admin through the OAuth app authorization flow. If the Dropbox Business API app is registered for the "team member file access" permission, you can then use the resulting access token to access any member's account via the "member file access" feature documented here. The individual member doesn't need to additionally authorize the app, as it's been authorized for the entire team by a team admin.

Finally, an actual Dropbox API access token does not expire by itself, but it can be revoked by the user or app at any time. Also, note that "access tokens" are not the same as "authorization codes". Authorization codes are short-lived, single-use codes that can be exchanged for an access token.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    guymayor Explorer | Level 4
  • User avatar
    Здравко Legendary | Level 20
What do Dropbox user levels mean?