Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
When using the Javascript API, the app is set up to return a value to my response page.
The querystring is pre-pended with a hashtag :
#access_token=blahblahblah
THe problem is that the server side cannot see the URL after the hashtag, is there a way to remove this from the return string?
The Dropbox OAuth app authorization process supports two different "flows" or "grants": the "code" flow and the "token" flow. You can find more information on both of these in the Dropbox authorization documentation here: https://www.dropbox.com/developers/documentation/http/documentation#authorization
From the snippet you included, I see that you're using the "token" flow, where the access token is returned directly on the redirect URI's fragment or "hash". This behavior can't be changed for the token flow. This is primarily meant for client-side applications where the application can retrieve and read the hash value, e.g., from client-side browser JavaScript.
If you're using the official Dropbox API v2 JavaScript SDK, you can find an example of processing the token flow here: https://github.com/dropbox/dropbox-sdk-js/blob/master/examples/javascript/auth/index.html
Alternatively, if you're building a server-side app, you should instead use the "code" flow, where an "authorization code" is returned as a query parameter (not on the URL fragment), which the server can read and the app should then exchange for an access token.
If you're using the official Dropbox API v2 JavaScript SDK server-side, you can find an example of using the code flow here: https://github.com/dropbox/dropbox-sdk-js/blob/master/examples/javascript/code_flow_example.js
The Dropbox OAuth app authorization process supports two different "flows" or "grants": the "code" flow and the "token" flow. You can find more information on both of these in the Dropbox authorization documentation here: https://www.dropbox.com/developers/documentation/http/documentation#authorization
From the snippet you included, I see that you're using the "token" flow, where the access token is returned directly on the redirect URI's fragment or "hash". This behavior can't be changed for the token flow. This is primarily meant for client-side applications where the application can retrieve and read the hash value, e.g., from client-side browser JavaScript.
If you're using the official Dropbox API v2 JavaScript SDK, you can find an example of processing the token flow here: https://github.com/dropbox/dropbox-sdk-js/blob/master/examples/javascript/auth/index.html
Alternatively, if you're building a server-side app, you should instead use the "code" flow, where an "authorization code" is returned as a query parameter (not on the URL fragment), which the server can read and the app should then exchange for an access token.
If you're using the official Dropbox API v2 JavaScript SDK server-side, you can find an example of using the code flow here: https://github.com/dropbox/dropbox-sdk-js/blob/master/examples/javascript/code_flow_example.js
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!