Error when adding team members to an initally created team folder via http endpoint

Hi Здравко,

thank you for your response.

The app I use has all rights possible (just for development, will revoke unneeded ones later on).

But I still don't get the point why I'm getting a popup to authorize to DBX.

I do have provided a new Bearer Token to authenticate my app, so why do I have to authenticate myself as Admin, too? Is this normal?

REST calls should be performed pretty much in the background without user interaction.

Since the authentication as Admin (user) is always of type "Basic" (username:password encoded in Base64) the DBX API might get this wrong.

Any futher suggestions? Thank you in advance.

I'd rather post my code here, but doubt anybody can interpret ABAP (SAP programming language) 🙂

Best,

Jan

Sdrastwuj Sdrawko,

I used to learn Russian at school, just about 50 years ago, but almost forgot everything 🙂 At least I'm still able to "decipher" cyrillic letters.

Thank you for your response. I already answered yesterday but somehow this post has vanished.

Ok, let me pls start over:

The DBX app I created has all rights on the Dropbox, I'll revoke some of them after finishing development.

My biggest problem actually is that the following dialog pops up everytime I make a call using the "Dropbox-API-Select-Admin" header parameter.

(Translation: Please enter your user name and password)

This obviously is where I've to authorize myself as DBX/Team Admin. Unfortunately I wasn't able to find anything in the documentation that this particular authorization is needed at all, since I do provide a valid app "Bearer" token. So my question is: Is this the normal behavior? 

This applies to all endpoints where I try to tamper with one of the team folders (like adding members).

IMHO this happens:

Authorization as a user is always done using "Basic" authorization method with "username:password" as Base64 string.

So, this might be the problem. But again, why above popup appears? IMHO this is wrong!

Any suggestions? Thank you & Doswidania 🙂

Jan

Hi Sdrawko, hi Greg,

@Sdrawko:
If you read my post carefully, I never meant that you're Russian 🙂 I just learned the cyrillic alphabet as side effect when learning Russian at school.
And, I know that some baltic countries (and maybe others) also use the cyrillic alphabet. But even in such country you have a chance to communicate using Russian. 
Anyway I've to sincerely apologize for the confusion.

Back to business:
I'm using HTTP endpoints only (using REST calls) so no "real" SDK will apply.
The programming language I use is called "ABAP Objects", which is SAP only.

Example:
Endpoint https://api.dropboxapi.com/2/sharing/add_folder_member

In order to add a user to that folder I have to use the "Dropbox-API-Select-Admin: <TEAM_MEMBER_ID>" header parameter as stated here:
https://www.dropbox.com/developers/documentation/http/documentation#sharing-add_folder_member

curl example using the admin authorization is here:
https://www.dropbox.com/developers/reference/auth-types#admin-authentication

curl -X POST "https://api.dropboxapi.com/2/users/get_current_account" \
--header "Authorization: Bearer <OAUTH2_ACCESS_TOKEN>" \
--header "Dropbox-API-Select-Admin: <TEAM_MEMBER_ID>"

I'm performing the following steps:
- create REST API class instance
- open http connection
- fetch new oauth2 token using my secret refresh token (refresh token was generated when authorizing the app the first time) and set header field
->http header field = "Authorization: Bearer <oauth2 token>"
- create header field for admin authorization
->http header field = "Dropbox-API-Select-Admin: dbmid<my team member id>"
- create "request" class instance
- set "Content-Type" to "application/json" via request class (this actually generates the corresponding "Content-Type" header parameter)
- build json string with info about new user, team folder etc.
- set json as request data
- make POST request
- create "response" class instance
- get server response & status
- evaluate response & status
- close http connection

All these steps work flawlessly making REST calls to other endpoints (without admin auth.).
Unfortunately there seems to be no useful example in the documentation making use of the "Dropbox-API-Select-Admin" parameter.
At least I wasn't able to find one.

So, please understand: I cannot see any reason why I'm getting this popup, since I DO send a Bearer token.
Here's the ABAP-Objects code with some comments:
...
IF lo_rest_client IS BOUND. "check if class instance has been created
"lo_auth is an instance of a class which handles oauth2 tokens
lo_auth->get_bearer_auth_name_value( IMPORTING es_bearer_auth = ls_auth_bearer ). "fetch new oauth2 token (or use last token if not expired)
IF ls_auth_bearer IS NOT INITIAL.
lo_rest_client->set_request_header( iv_name = ls_auth_bearer-name "Authorization
                                                             iv_value = ls_auth_bearer-value ). "Bearer <oauth2 token>
lo_rest_client->set_request_header( iv_name = /karon/cl_dropbox_co=>mc_dbx_par_api_select_admin "Dropbox-API-Select-Admin
                                                             iv_value = lv_dbx_team_admin ). "dbmid:<team member id>
lo_rest_client->set_request_header( iv_name = /karon/cl_dropbox_co=>mc_url_par_request_uri "~request_uri
                                                             iv_value = `/2/sharing/share_folder` ).
lo_request_entity = lo_rest_client->create_request_entity( ).
lo_request_entity->set_content_type( iv_media_type = /karon/cl_dropbox_co=>mc_content_json ). "application/json
lo_request_entity->set_string_data( iv_data = lv_json ). "json string with parameters
lo_rest_client->post( io_entity = lo_request_entity ).
...

The only reason why I'm sending a Basic token is as response of the authorization popup I'm constantly getting.
IMHO the question is not why I'm getting an error (which is pretty much clear), but why this popup appears.

REST calls to endpoints which require the "Dropbox-API-Select-User" parameter also work without a hitch.

Best regards,
Jan

Hi Greg, hi Sdrawko,

many thanks for your most valuable help. Indeed, the source of the popup was our SAP system and I was able to rectify the problem.

So, please excuse my ignorance by thinking that had been a DBX issue 🙂

But - as the API call seems to work in principle - I'm getting another error:

{"error_summary": "no_permission/
", "error": {"
tag": "no_permission"}, "user_message": {"locale": "de", "text": "Sie sind nicht berechtigt, diese Aktion durchzuf\u00fchren
"}}

Translation: Sie sind nicht berechtigt, diese Aktion durchzuf\u00fchren -> You're not authorized to perform this action

I've no clue why I'm getting this error. I'm admin and also have reauthorized my app after updating the app permissions. (BTW this wasn't mentioned in the documention, but I've found a thread in this forum regarding that issue.)

Also, since I've created this folder via REST call "/2/team/team_folder/create"

I should be owner of the folder and have all the rights. And, again, my app has all permission checkboxes ticked.

How should I proceed?

Thank you and best regards,

Jan