Richard's correct, Dropbox API apps should not handle the user's credentials, but should use the OAuth flow instead. Note that this only needs to be done once per user. Once your app has an access token for a user, it can store and re-use the access token for future API calls for that user without further manual user intervention. Access tokens don't expire by themselves (though they can be manually revoked).
We love to learn from the educators who use Dropbox. Whether you teach kids, teens, adults or a combination of all three, we want to know what apps and integrations you use with Dropbox to help with teaching. Which of the ones below is your favorite, or most used tool?