cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Some questions about security

Labels:

Some questions about security

Nickk888
Explorer | Level 3
‎10-03-2018 08:52 PM
Hello everyone!

I have some questions about the API security.

The application I am programming right now is connected to my dropbox account registered as an App that is using a different directory.

The problem is the token...
For now the token is in a string variable inside the code, because the app will be for other users on the internet, everyone who decompiles the application will get the token right?

So how can I make my app more secure? Could I set that the app can ONLY download and view the content? I don't want other users to mess with the files nor upload something using the token.

Other services are using credentials to make a secure connection and autentification, is it also somehow possible with the Dropbox app?

I'm writing in C# by the way.

Kind regards.
Labels:
  • 0 Likes
  • 2 Replies
  • 1,535 Views
0 Likes
2 Replies 2

Greg-DB
Dropbox Staff
‎10-04-2018 07:46 AM

The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. It is technically possible to connect to just one account, by embedding an access token for the desired account in the app itself, like you describe, but we don't recommend doing so, for various technical and security reasons.

There isn't a way to configure a download-only permission, but I'll pass this along as a feature request. 

Alternatively, you could consider using shared links to link to content in your Dropbox:


https://www.dropbox.com/help/files-folders/view-only-access

You can modify these links for direct access, e.g., to programmatically download from them:


https://www.dropbox.com/help/desktop-web/force-download

0 Likes

Greg-DB
Dropbox Staff
‎10-01-2020 07:45 AM

I just wanted to follow up on this to let you know that we've released "scopes" functionality on the Dropbox API, which you can use to configure an app or access token to only a limited set of functionality, such as the ability to read but not write files.

 

You can find more information about the release in our blog post here:

 

https://dropbox.tech/developers/now-available--scoped-apps-and-enhanced-permissions  

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?