Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
I'm developing android app that needs to let any user to upload to my business specific folder. Shell I save ACCESS_TOKEN in their app or use API Key/Secret.
I'm really confused, because I see the ACCESS_TOKEN will allow them to access my whole dropbox account which is wrong for me, I need them just access specific folder.
Please help.
It sounds like you want all of the users of your app to connect to your own Dropbox account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your account and app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/connected_apps .)
For reference, any access token will enable access to the extent allowed by the permission for your app. For example, if your app is registered for the full Dropbox permission, it will allow access to the entire Dropbox. The app folder permission would only allow access to the app folder. You can find more information on the different permissions here:
https://www.dropbox.com/developers/reference/developer-guide#app-permissions
The app folder permission would be closer to what you want, but note that it's not safe to expose an access token like this. A malicious use could use it and access anything else in the folder, for example.
It sounds like you want all of the users of your app to connect to your own Dropbox account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your account and app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/connected_apps .)
For reference, any access token will enable access to the extent allowed by the permission for your app. For example, if your app is registered for the full Dropbox permission, it will allow access to the entire Dropbox. The app folder permission would only allow access to the app folder. You can find more information on the different permissions here:
https://www.dropbox.com/developers/reference/developer-guide#app-permissions
The app folder permission would be closer to what you want, but note that it's not safe to expose an access token like this. A malicious use could use it and access anything else in the folder, for example.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!