cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Make the application for everyone after review?

Make the application for everyone after review?

abdelouahab a.
New member | Level 1

I just got my application approuved for production, in the email, they told me to use a 'key' ? what is this key?
The application works with : dropbox_consumer_key and dropbox_consumer_secret, but now that I got approuved, if I try to access to the application with another browser (or logged out from my dropbox) I get a login page for dropbox?!
What do I need to make the application dont ask for credential for anyone accessing to it?

14 Replies 14

Greg-DB
Dropbox Staff

The key the email is referring to is just your app's existing app key. While in development mode, only up 100 users can link your app to their accounts. Once in production mode, any number of user accounts can be linked to your app. The development/production switch doesn't affect how your app or the app authorization flow works.

It sounds like you just want your app to connect to your own account and only your own account. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons. (You also don't actually need to be production mode if you only want to use your own account.)

However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your app, instead of kicking off the app authorization flow. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/security .)

abdelouahab a.
New member | Level 1

The application is an application where students will upload their project instead of sending them by email, so I can manage the number of users, groups, duplicate works....
But if I do this, then all students must have an account at dropbox?

Greg-DB
Dropbox Staff

If you want the students to only upload to your own account, you can use the API with only your own access token as I described, and they won't need to have their own Dropbox accounts.

abdelouahab a.
New member | Level 1

Greg-DB
Dropbox Staff

Which thing in that screenshot are you referring to?

The first lets you enable/disable the "implicit" a.k.a. "token" OAuth 2 flow for your app.

The second lets you generate an access token for your account to connect to that app. If you do only need to connect to your own account that is an easy way to get an access token.

abdelouahab a.
New member | Level 1

Can you give me an example, where I only grant users to upload, because finally this is the right solution, by using a full access, the user can even see the folder, which is dangerous!
So, I will go with the token in url way, but can you give me an example with an URL ?

Greg-DB
Dropbox Staff

I'm not sure I understand your question. Have you run into a specific issue you can post the details for?

We don't have specific samples for using a single account only, but it doesn't really change how you use the API, so I recommend working through the samples/tutorial for whatever SDK you're using.

abdelouahab a.
New member | Level 1

Sorry for my questions, but the initial problem is: make users upload to dropbox folder, but are not allowed to see anything inside it?
So, from what I understand, I will make requests as they come from my account using the token I will generate from the console?

Greg-DB
Dropbox Staff

Yes, if you want them to upload to only your account, you can use the generated access token for your account. This can only be safely done if this is a web app, where you can protect the access token on the server.

Need more support?