I generated an access token while creating my project on dropbox app console, and used that token to let my user's to fetch data from my drobox using my android app, everything worked fine for months but today i was getting an exception that my access token is not valid, then i generated a new access token from app console and it again started working, now that my token is changed and is affecting my users as they have the old one.. i want to know what has happened and how my token becomes invalid, is the token got changed or what.. i have over 5k installs on google play and now my all users are affecting
By default, Dropbox API access tokens for your app(s) don't expire by themselves, but there a number of different ways that a Dropbox API access token can become invalid:
Also, I should note that the Dropbox API was designed with the intention that each end-user would link their own Dropbox account, in order to interact with their own files, in which case they would only have access to their own access token(s).
It is technically possible to connect to just one account, by always using a specific access token, for all end-users of your app, and it sounds like that's what you're doing in this case. Please be aware that we don't recommend doing so, for various technical and security reasons. This is especially true for client-side apps, such as Android apps, as they can't keep the access token a secret from the end-users.
It sounds like you're referring to using the OAuth app authorization flow. That's the process you would implement in your app for the normal case where you have each end-user connect their own Dropbox account to receive their own access token. You can find more information in the OAuth Guide and authorization documentation (as well as the documentation for the SDK/library you're using, if any).
In your case, since you're using the non-recommended method of hard-coding your own access token in the app you distribute to users, you don't need to use the OAuth app authorization flow at all.
For reference, the access token you get for your own account by using the "Generate" button on your app's page on the App Console is functionally the same as an access token you would retrieve for your account via the OAuth app authorization flow.
While you yourself may not have revoked the token, it's possible someone who downloaded your app did. Since you embedded your access token in the app, someone could extract it from the app and then use /2/auth/token/revoke (or any other API endpoint) themselves. This is one of the reasons we don't recommend distributing your own access token like this.
The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.Sound good? Let's get started.
For more info on available support options, see this article.
If you found the answer to your question, please 'like' the post to say thanks to the user!