cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: How can I authenticate mobile app to upload to my business dropbox folder

How can I authenticate mobile app to upload to my business dropbox folder

fhuwaidy
New member | Level 2
Go to solution

I'm developing android app that needs to let any user to upload to my business specific folder. Shell I save ACCESS_TOKEN in their app or use API Key/Secret.

 

I'm really confused, because I see the ACCESS_TOKEN will allow them to access my whole dropbox account which is wrong for me, I need them just access specific folder.

 

Please help.

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

It sounds like you want all of the users of your app to connect to your own Dropbox account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.

However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your account and app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/connected_apps .)

For reference, any access token will enable access to the extent allowed by the permission for your app. For example, if your app is registered for the full Dropbox permission, it will allow access to the entire Dropbox. The app folder permission would only allow access to the app folder. You can find more information on the different permissions here:

https://www.dropbox.com/developers/reference/developer-guide#app-permissions

The app folder permission would be closer to what you want, but note that it's not safe to expose an access token like this. A malicious use could use it and access anything else in the folder, for example.

View solution in original post

1 Reply 1

Greg-DB
Dropbox Staff
Go to solution

It sounds like you want all of the users of your app to connect to your own Dropbox account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.

However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your account and app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/connected_apps .)

For reference, any access token will enable access to the extent allowed by the permission for your app. For example, if your app is registered for the full Dropbox permission, it will allow access to the entire Dropbox. The app folder permission would only allow access to the app folder. You can find more information on the different permissions here:

https://www.dropbox.com/developers/reference/developer-guide#app-permissions

The app folder permission would be closer to what you want, but note that it's not safe to expose an access token like this. A malicious use could use it and access anything else in the folder, for example.

Need more support?