cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Back again with another edition of 'How we use Dropbox', so find out how Emma uses to-do lists to get it all done here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Tokens only valid for 4 hours from app console

Tokens only valid for 4 hours from app console

george208
Explorer | Level 3

I think that I must be doing something wrong but I can't figure out where. I'm trying to use the dropbox uploader script. I have created an app (Dropbox API, for "app folder" access) through the dropbox website, after authenticating my dropbox account. I have generated a token in the app console by clicking the "Generate" button under "Generated access token". The token string starts with "sl." and seems to expire after four hours.

 

I've searched this site and the web in an attempt to figure out how to get a token that doesn't expire after four hours. Everything that I find seems to suggest that tokens should not expire unless they come from the API Explorer - which I'm not using. If I go to the app console, select the settings for my app, and hover over the info icon next to "Generated access token" it tells me explicitly that the token will only be valid for four hours -- directly contradicting everything that I've found online.

 

Have I missed something? How can I acquire a token that will not expire (or at least lasts longer than 4 hours)?

 

Thanks for any help!

1 Accepted Solution

Accepted Solutions

Re: Tokens only valid for 4 hours from app console

Greg-DB
Dropboxer

Apologies for the confusion all! Historically Dropbox API access tokens never expired by themselves, but we are working on adding functionality for "short-lived" access tokens, which expire after four hours. (We'll post more information when we offer that functionality on the actual OAuth flow.) The API v2 Explorer had early access to this feature for testing and prototyping, and we did just extend that to the "Generate" function on the App Console as well. It sounds like this is disruptive and unexpected for some workflows, so I'll ask the team to switch this back or make it configurable.

 

The actual OAuth flow itself still operates as before though, so in the meantime if you need or want "long-lived" (non-expiring) access token(s) for your app and account, you can use that to get them. If you don't have the flow already built in to your app, the easiest way to do so would be to:

  1. Add "https://www.dropbox.com/1/oauth2/display_token" (without quotes) as a redirect URI for your app, via the "OAuth 2" "Redirect URIs" section of your app's page on the App Console.
  2. Replace "APPKEYHERE" with your actual app key a.k.a. client ID in this URL: 
    https://www.dropbox.com/oauth2/authorize?response_type=token&redirect_uri=https://www.dropbox.com/1/oauth2/display_token&client_id=APPKEYHERE 
  3. Browse to that URL while signed in to the account that you want the access token for, and authorize the app. Dropbox will then redirect you to a Dropbox page displaying the (non-expiring) access token.

View solution in original post

11 Replies 11

Re: Tokens only valid for 4 hours from app console

winkelement
Explorer | Level 4

I'm having the exact same problem.

Never used the API Explorer but all tokens generated via App console are short lived.

Re: Tokens only valid for 4 hours from app console

Greg-DB
Dropboxer

Apologies for the confusion all! Historically Dropbox API access tokens never expired by themselves, but we are working on adding functionality for "short-lived" access tokens, which expire after four hours. (We'll post more information when we offer that functionality on the actual OAuth flow.) The API v2 Explorer had early access to this feature for testing and prototyping, and we did just extend that to the "Generate" function on the App Console as well. It sounds like this is disruptive and unexpected for some workflows, so I'll ask the team to switch this back or make it configurable.

 

The actual OAuth flow itself still operates as before though, so in the meantime if you need or want "long-lived" (non-expiring) access token(s) for your app and account, you can use that to get them. If you don't have the flow already built in to your app, the easiest way to do so would be to:

  1. Add "https://www.dropbox.com/1/oauth2/display_token" (without quotes) as a redirect URI for your app, via the "OAuth 2" "Redirect URIs" section of your app's page on the App Console.
  2. Replace "APPKEYHERE" with your actual app key a.k.a. client ID in this URL: 
    https://www.dropbox.com/oauth2/authorize?response_type=token&redirect_uri=https://www.dropbox.com/1/oauth2/display_token&client_id=APPKEYHERE 
  3. Browse to that URL while signed in to the account that you want the access token for, and authorize the app. Dropbox will then redirect you to a Dropbox page displaying the (non-expiring) access token.

View solution in original post

Re: Tokens only valid for 4 hours from app console

ahmed-sharaf
Explorer | Level 4

@Greg-DBit works. Thanks a lot!

Re: Tokens only valid for 4 hours from app console

george208
Explorer | Level 3

Same for me, this is what I suspected to be the case - and the description of how to work around the recent change is exactly what I was after.

 

I have created a token as suggested via the redirect URI method and it seems to be working. Many thanks for the quick response!

Re: Tokens only valid for 4 hours from app console

marcktoronto
New member | Level 2

Its still only temporary for me.

The access token still begins with sl

Please let me know when this is fixed

Re: Tokens only valid for 4 hours from app console

Greg-DB
Dropboxer

@marcktoronto Thanks for the report! We are beginning to roll out this new short-lived token functionality. When you create a new scoped app now, it will default to short-lived tokens, and accordingly you will get short-lived access tokens from the "Generate" button. You can find more information about these new features in the new OAuth Guide.

 

This can be configured via the "Access token expiration" dropdown option on the "Settings" tab of the app's info page. Unfortunately though, in some cases, e.g., when you have "paired" accounts, due to how the gradual rollout works, you may not see that option yet. If that's the case for you, and you need long-lived access tokens from the Generate button, feel free to reach out here and let us know which app(s) you need changed back to default to long-lived access tokens and we'll change that setting for your app(s).

Re: Tokens only valid for 4 hours from app console

Greg-DB
Dropboxer

For anyone else coming across my last comment, we have updated how the rollout works so you should now be able to see the "Access token expiration" dropdown option on the "Settings" tab of the app's info page for any scoped app, regardless of the state of the rollout across paired accounts.

Re: Tokens only valid for 4 hours from app console

navile14
New member | Level 2

My account currently does not have this option "Access token expiration" dropdown option on the "Settings" tab

Re: Tokens only valid for 4 hours from app console

Greg-DB
Dropboxer

@navile14 This new functionality is still being rolled out and is not currently available for all accounts. If you don't see that option, it's not available for your account yet.

 

If you're having trouble configuring your app, you can also open a ticket for help, if you haven't already.

Poll
We love to learn from the educators who use Dropbox. Whether you teach kids, teens, adults or a combination of all three, we want to know what apps and integrations you use with Dropbox to help with teaching. Which of the ones below is your favorite, or most used tool?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropboxer
  • User avatar
    Tom_Kc New member | Level 2
  • User avatar
    navile14 New member | Level 2
What do Dropbox user levels mean?
Need more support?