I need to upload a series of 4 files each day to a Dropbox account from my platform, using the Dropbox API.
These files are to be read by an external company. The external company has a Dropbox account and my own company also has a separate Dropbox account.
My question is about security. If we get an OAuth access token for the Dropbox of the external company, is it possible to limit the ability of our platform to upload to only a single folder in their Dropbox? If the access can only be to the entire Dropbox rather than just a single folder, I would imagine that they will have security concerns in case something goes wrong with the upload script. In other words, they wouldn't want us to have unrestricted rights on everything in their Dropbox - just those required to upload to the single folder.
Another way of doing this would be to create a shared folder on my company's Dropbox account which we then share with the external company. Then I assume that I just need an OAuth key for our own account under the API. Would this be the recommended way of doing things?
I hope that this makes sense.
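For the "in case something goes wrong with the upload script" concern, a client-side guard can confine every upload path to one folder before the Dropbox `/2/files/upload` request is even built, independent of what the token itself permits. This is an added example, not part of the original post; the folder name `/daily-exports`, the file names and the token are assumptions.

```python
import json
import posixpath
import urllib.request

UPLOAD_URL = "https://content.dropboxapi.com/2/files/upload"
ALLOWED_FOLDER = "/daily-exports"  # assumed folder name, not from the post


def confined_path(filename, folder=ALLOWED_FOLDER):
    """Return the Dropbox path for filename, or raise if it leaves folder."""
    if "\\" in filename or "\x00" in filename:
        raise ValueError(f"illegal character in {filename!r}")
    root = posixpath.normpath(folder)
    # normpath collapses "..", "." and "//", so traversal shows as a prefix change
    target = posixpath.normpath(posixpath.join(root, filename))
    # Dropbox paths are case-insensitive, so compare lower-cased
    if not target.lower().startswith(root.lower() + "/"):
        raise ValueError(f"{filename!r} resolves outside {root}")
    return target


def build_upload(token, filename, data, folder=ALLOWED_FOLDER):
    """Build (but do not send) the upload request for one file."""
    api_arg = {"path": confined_path(filename, folder), "mode": "overwrite"}
    return urllib.request.Request(
        UPLOAD_URL,
        data=data,
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Dropbox-API-Arg": json.dumps(api_arg),
            "Content-Type": "application/octet-stream",
        },
    )


def build_daily_batch(token, files):
    """files maps filename -> bytes; one bad name aborts the whole batch."""
    return [build_upload(token, name, blob) for name, blob in files.items()]


if __name__ == "__main__":
    # Constructed sample input: four small files standing in for the daily set.
    sample = {f"report_{i}.csv": b"id,value\n1,2\n" for i in range(1, 5)}
    for req in build_daily_batch("PLACEHOLDER_TOKEN", sample):
        print(req.get_header("Dropbox-api-arg"))
```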