cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Invalid access token

Invalid access token

Muneebzzzz
Explorer | Level 4

I generated an access token while creating my project on dropbox app console, and used that token to let my user's to fetch data from my drobox using my android app, everything worked fine for months but today i was getting an exception that my access token is not valid, then i generated a new access token from app console and it again started working, now that my token is changed and is affecting my users as they have the old one.. i want to know what has happened and how my token becomes invalid, is the token got changed or what.. i have over 5k installs on google play and now my all users are affecting

14 Replies 14

Muneebzzzz
Explorer | Level 4
Yes you are right Greg, i have to secure my token.. one last question that iam not using app secret code in my app, is that code use for the auth process? And thanks for the quick response

Greg-DB
Dropbox Staff

Yes, the app key and secret identify an app, and would be used in the OAuth app authorization flow. 

More specifically, Dropbox actually supports two forms of the OAuth app authorization flow: "code" and "token", documented here. The "code" flow is generally intended for server-side apps, and requires both the app key and secret. The "token" flow is generally intended for client-side apps, and only requires the app key, and not the secret.

Muneebzzzz
Explorer | Level 4
You explain so well Greg.. thanks alot for bearing me and giving your precious time 🙂

Muneebzzzz
Explorer | Level 4
Actually iam not using app key in my code, only using access token

Greg-DB
Dropbox Staff

That's correct, as you've described it, your current setup involves you embedding your access token itself in your app, not your app key or secret, since you are not using the OAuth app authorization flow.

If you were to use the OAuth app authorization flow, you would need to embed your app key, if using the "token" flow, or your app key and secret, if using the "code" flow.

Need more support?