cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Tokens only valid for 4 hours from app console

Explorer | Level 3

I think that I must be doing something wrong but I can't figure out where. I'm trying to use the dropbox uploader script. I have created an app (Dropbox API, for "app folder" access) through the dropbox website, after authenticating my dropbox account. I have generated a token in the app console by clicking the "Generate" button under "Generated access token". The token string starts with "sl." and seems to expire after four hours.

 

I've searched this site and the web in an attempt to figure out how to get a token that doesn't expire after four hours. Everything that I find seems to suggest that tokens should not expire unless they come from the API Explorer - which I'm not using. If I go to the app console, select the settings for my app, and hover over the info icon next to "Generated access token" it tells me explicitly that the token will only be valid for four hours -- directly contradicting everything that I've found online.

 

Have I missed something? How can I acquire a token that will not expire (or at least lasts longer than 4 hours)?

 

Thanks for any help!

1 Accepted Solution

Accepted Solutions
Highlighted

Re: Tokens only valid for 4 hours from app console

Dropboxer
Dropboxer

Apologies for the confusion all! Historically Dropbox API access tokens never expired by themselves, but we are working on adding functionality for "short-lived" access tokens, which expire after four hours. (We'll post more information when we offer that functionality on the actual OAuth flow.) The API v2 Explorer had early access to this feature for testing and prototyping, and we did just extend that to the "Generate" function on the App Console as well. It sounds like this is disruptive and unexpected for some workflows, so I'll ask the team to switch this back or make it configurable.

 

The actual OAuth flow itself still operates as before though, so in the meantime if you need or want "long-lived" (non-expiring) access token(s) for your app and account, you can use that to get them. If you don't have the flow already built in to your app, the easiest way to do so would be to:

  1. Add "https://www.dropbox.com/1/oauth2/display_token" (without quotes) as a redirect URI for your app, via the "OAuth 2" "Redirect URIs" section of your app's page on the App Console.
  2. Replace "APPKEYHERE" with your actual app key a.k.a. client ID in this URL: 
    https://www.dropbox.com/oauth2/authorize?response_type=token&redirect_uri=https://www.dropbox.com/1/oauth2/display_token&client_id=APPKEYHERE 
  3. Browse to that URL while signed in to the account that you want the access token for, and authorize the app. Dropbox will then redirect you to a Dropbox page displaying the (non-expiring) access token.

View solution in original post

7 Replies 7
Highlighted

Re: Tokens only valid for 4 hours from app console

Explorer | Level 4

I'm having the exact same problem.

Never used the API Explorer but all tokens generated via App console are short lived.

Highlighted

Re: Tokens only valid for 4 hours from app console

Dropboxer
Dropboxer

Apologies for the confusion all! Historically Dropbox API access tokens never expired by themselves, but we are working on adding functionality for "short-lived" access tokens, which expire after four hours. (We'll post more information when we offer that functionality on the actual OAuth flow.) The API v2 Explorer had early access to this feature for testing and prototyping, and we did just extend that to the "Generate" function on the App Console as well. It sounds like this is disruptive and unexpected for some workflows, so I'll ask the team to switch this back or make it configurable.

 

The actual OAuth flow itself still operates as before though, so in the meantime if you need or want "long-lived" (non-expiring) access token(s) for your app and account, you can use that to get them. If you don't have the flow already built in to your app, the easiest way to do so would be to:

  1. Add "https://www.dropbox.com/1/oauth2/display_token" (without quotes) as a redirect URI for your app, via the "OAuth 2" "Redirect URIs" section of your app's page on the App Console.
  2. Replace "APPKEYHERE" with your actual app key a.k.a. client ID in this URL: 
    https://www.dropbox.com/oauth2/authorize?response_type=token&redirect_uri=https://www.dropbox.com/1/oauth2/display_token&client_id=APPKEYHERE 
  3. Browse to that URL while signed in to the account that you want the access token for, and authorize the app. Dropbox will then redirect you to a Dropbox page displaying the (non-expiring) access token.

View solution in original post

Highlighted

Re: Tokens only valid for 4 hours from app console

Explorer | Level 4

@Greg K.it works. Thanks a lot!

Highlighted

Re: Tokens only valid for 4 hours from app console

Explorer | Level 3

Same for me, this is what I suspected to be the case - and the description of how to work around the recent change is exactly what I was after.

 

I have created a token as suggested via the redirect URI method and it seems to be working. Many thanks for the quick response!

Highlighted

Re: Tokens only valid for 4 hours from app console

New member | Level 2
New member | Level 2

Its still only temporary for me.

The access token still begins with sl

Please let me know when this is fixed

Highlighted

Re: Tokens only valid for 4 hours from app console

Dropboxer
Dropboxer

@marcktoronto Thanks for the report! We are beginning to roll out this new short-lived token functionality. When you create a new scoped app now, it will default to short-lived tokens, and accordingly you will get short-lived access tokens from the "Generate" button. You can find more information about these new features in the new OAuth Guide.

 

This can be configured via the "Access token expiration" dropdown option on the "Settings" tab of the app's info page. Unfortunately though, in some cases, e.g., when you have "paired" accounts, due to how the gradual rollout works, you may not see that option yet. If that's the case for you, and you need long-lived access tokens from the Generate button, feel free to reach out here and let us know which app(s) you need changed back to default to long-lived access tokens and we'll change that setting for your app(s).

Highlighted

Re: Tokens only valid for 4 hours from app console

Dropboxer
Dropboxer

For anyone else coming across my last comment, we have updated how the rollout works so you should now be able to see the "Access token expiration" dropdown option on the "Settings" tab of the app's info page for any scoped app, regardless of the state of the rollout across paired accounts.

Polls
Do you know how to organize your files and folders?
We have created a guide on folder best practice, so you can get organized now check it out here.

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?