cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Distinction between Oauth 2 and PHP Core API (PHP SDK)

Distinction between Oauth 2 and PHP Core API (PHP SDK)

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

I'm from Softaculous Ltd and we are now starting to integrate with Dropbox for Backups upload and download.

 

I want to know the difference between your PHP Core API or PHP SDK and OAUTH 2.

 

Also, do you have something as FTP stream to upload a tar.gz file in parts?

28 Replies 28

Greg-DB
Dropbox Staff
Go to solution

The PHP Core SDK is a PHP SDK for accessing Dropbox API v1, a.k.a. the Dropbox Core API. API v1 is deprecated though, so you should no longer use that. 

 

You should use API v2 instead. We don't have an official PHP SDK for API v2, so you can either use a third party library or call the HTTPS endpoints directly.

 

OAuth is an authorization protocol, used by the Dropbox API. API v1 supports OAuth 1 and OAuth 2. API v2 supports OAuth 2.

Priya M.
Explorer | Level 4
Go to solution

Hi Greg,

 
If I make use of HTTPS endpoints directly to use API v2, do I have to include some Dropbox classes or direct curl call will work?
 
Also, I'm not able to understand how to use these endpoint URLs using PHP. Can you please give me an example?
 
I want to generate the auth token of the user's account, how can I do so and using which endpoint?

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

Thank you for your reply.

 

I'm not able to understand how to make the PHP curl call, what all curl parameters are to be set, etc. I'm not able to understand how to fetch the user auth token using the authorization API:

https://www.dropbox.com/developers/documentation/http/documentation#authorization

 

I'm using it like this. Please correct me:

 

$post['response_type'] = 'token';
$post['client_id'] = '6i45k3fi9a1i9an';
$post['redirect_uri'] = get_current_url().'&auth_callback=1';
$url = 'https://www.dropbox.com/oauth2/authorize';
// Set the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
//Set proxy 
//curl_proxy($ch);
// Turn off the server and peer verification (TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));

curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Get response from the server.
$resp = curl_exec($ch); 
r_print($resp);

 

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

I made the following changes:

 

 

function get_current_url() {
$url = @($_SERVER["HTTPS"] != 'on') ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
$url .= ($_SERVER["SERVER_PORT"] != 80) ? ":".$_SERVER["SERVER_PORT"] : "";
$url .= $_SERVER["REQUEST_URI"];
return $url;
}
$url = 'https://www.dropbox.com/oauth2/authorize?response_type=token&client_id=6i45k3fi9a1i9an&redirect_uri='.get_current_url();
// Set the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
// Turn off the server and peer verification (TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); 

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Get response from the server.
$resp = curl_exec($ch);
echo '<br />Curl Error: '.curl_error($ch);
echo '<br />Curl Response: ';
r_print($resp);

 

Using this I get:

Invalid redirect_uri: "https://cpanel.nuftp.com:2083/cpsess5895978520/frontend/paper_lantern/softaculous/index.live.php": It must exactly match one of the redirect URIs you've pre-configured for your app (including the path).

How do I specify the redirect URL?

 

Also, I want to redirect this auth process in a separate window, which when accepted by the user should return back to the current window. How do I do that?

Greg-DB
Dropbox Staff
Go to solution

You're attempting to access /authorize by submitting an HTTP request to it via curl like you would for an API call, but /authorize is actually a web page the user should interact with in their browser, and not an API endpoint.

 

You should construct the /authorize URL and then direct the user there in their browser. (Exactly how you do that will depend on your setup, e.g., your web framework.)

 

The redirect_uri value should be the URL of the page where you want the user sent back to after they authorize your app. As a security measure, it needs to exactly match a redirect URI registered for your app via your app's page on the App Console. If it doesn't you'll get that error you posted.

Priya M.
Explorer | Level 4
Go to solution
Hi,

>>The redirect_uri value should be the URL of the page where you want the user sent back to after they authorize your app. As a security measure, it needs to exactly match a redirect URI registered for your app via your app's page on the App Console. If it doesn't you'll get that error you posted.
The Redirect URI in our case may vary as we provide user the utility to authorize to our Dropbox APP from various pages. We probably cannot set all those URIs in the APP settings via our APP's page. How to handle this?

Greg-DB
Dropbox Staff
Go to solution
I'm afraid I don't have a great solution for you, as OAuth 2 redirect URIs for the Dropbox API are required to be pre-registered exactly. I'll be sure to pass this along as feedback though.

One thing you may be able to do instead is to use one static redirect URI but encode the necessary information in the 'state' parameter, and decode it as necessary after the redirect back to your app, to handle it as necessary:

https://www.dropbox.com/developers/documentation/http/documentation#authorization

Alternatively, you could forgo using a redirect URI entirely. With the "code" flow, you can omit redirect_uri and have the user copy and paste the code manually. (Or, for the "token" flow, you can use https://www.dropbox.com/1/oauth2/display_token as the redirect URI and have the user copy and paste the access token.)

Priya M.
Explorer | Level 4
Go to solution
Hi,
 
Can you please tell me some examples of usage of this API? How will I fetch the access token when the authorization is successfull and the user is redirected back to the uri as specified in tge redirect uri?
Also, when I'm using this API, I'm getting the error of 'invalid response type code'.
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Priya M. Explorer | Level 4
What do Dropbox user levels mean?