cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We just wanted to say thank you! Check out our customer appreciation video here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Restricting API Token to a given root folder

Restricting API Token to a given root folder

Cinelist
Explorer | Level 3

Hi everyone

 

I'm new to the Dropbox Developer community 🙂

 

Is it possible to limit an app token (generated with the OAuth2 flow) to a given folder in the corresponding Dropbox?

 

It seems to be possible with scopes, but I don't understand how to...

 

Thank you very much

 

Thomas

5 Replies 5

Здравко
Legendary | Level 20

@Cinelist wrote:

...

Is it possible to limit an app token (generated with the OAuth2 flow) to a given folder in the corresponding Dropbox?

...


Hi @Cinelist,

No, you cannot limit access to particular folder for token. You can set in your application some folder to be root (actually re-rooting), but this isn't a limitation. To limit access to a single folder you can use registered application with application' folder. Such a folder will be created automatically in the App folder and your application will be able access resources only residing there (as opposite to full access) if that's what you want.

 


@Cinelist wrote:

...

It seems to be possible with scopes, but I don't understand how to...

...


No, scopes are used to point out (and limit) what you are intend to do on accessible resources (not to limit the resources themself).

Cinelist
Explorer | Level 3

Thank you very much for your reply!

 

To limit access to a single folder you can use registered application with application' folder. Such a folder will be created automatically in the App folder and your application will be able access resources only residing there (as opposite to full access) if that's what you want.


Yes this is exactly what I want! How should I do that? On the Dropbox app's dashboard?

Здравко
Legendary | Level 20

On an existing application you cannot change this! When you created your application you have set some type of application permissions. If this type is "App folder", you don't need to do anything more - you got it already. If you have something else selected, you need to create new application and select proper type there. 😉 That's it.

Hope this helps.

Greg-DB
Dropbox Staff

@Cinelist As Здравко indicated, Dropbox does not offer the ability to grant an app/access token access to specific existing folder(s) only, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.
 
The Dropbox API currently offers two levels of file/folder access: "app folder" and "full Dropbox". The closest option to your request would be the "app folder" access type. Apps with the app folder access type can only access the contents of a special app folder created for the app in the connected account. You can find more information on app permissions here. Scopes only control which functionality the app can access, not which content.

 

It's not possible to switch the access type on an existing Dropbox API app. If you want to change the access type used for an app that hasn't been released to users, you can do so by deleting the current API app registration and registering another with the desired permission. Deleting an API app in development mode frees up the name so you can register it again. Once you do, just be sure to update your app accordingly to use the new app key and secret. Access tokens for the deleted app will also no longer work.

 

If your app has already been released to users, we do not recommend disabling your API app, as it would break the integration for existing users. Instead, we recommend you register another API app for the other access type and add that as an option in your app.

 

You can register a new API app here.

Cinelist
Explorer | Level 3

Thank you very much for all your feedbacks. That helps me 😉

 

Thomas

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Cinelist Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Здравко Legendary | Level 20
What do Dropbox user levels mean?