cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Correct Auth Method for My App?

Correct Auth Method for My App?

Josh-IP
Explorer | Level 3

I work at a screen printing company, and we are building a design library app to display our designs to users. The images of the designs are stored in our Dropbox account. I have already set up my Dropbox app from the App Console and have successfully retrieved some image links using the API. However, the next day, the same requests returned an expired access token error.

 

I am aware that Dropbox is transitioning/has transitioned to using short-lived access tokens instead of the long-lived ones. I have found support threads discussing this, but they all direct to the OAuth guide, which seems geared toward apps that use the API to allow other users to interact with their own Dropbox accounts.

 

Because the app we're building ONLY needs access to our own account, I'm unsure of the correct way to handle auth. It seems like permanent access tokens aren't available anymore, but since a user visiting our design library will not have our credentials, sending them to a sign-in screen for OAuth won't work either. What is the correct way to handle auth for this app?

 

Thanks for your time.

2 Replies 2

DB-Des
Dropbox Engineer

Hi there,

 

Apps can get long-term access by requesting "offline" access, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

 

Hope this helps!

Greg-DB
Dropbox Staff

It's also worth noting that whether or not the app is only for use with your own account, using the OAuth app authorization flow is the right way to get long-term access, by retrieving a refresh token. If it's only for your own account, you would just need to process that once yourself.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    DB-Des Dropbox Engineer
What do Dropbox user levels mean?