You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Emron's avatar
Emron
New member | Level 2
6 years ago

API access token expired

Hi,

i am using some of the http api endpoints to upload or download files. As i saw in the documentation the API access tokens never expire but can only be revoked. For some reason after i use my token for a day or so i get the message "expired_access_token". Then i need to create a new one. Of course i never revoked it manually or from the api.

I have another account where there i don't have any issue. My token is still working after many months. I followed the same process to create both of them but still they are different. The token for my old account is 64 characters long but the new one is 139 and always starts with "sl.".

Am i doing something wrong? Did anything change on how Dropbox is producing access tokens? Thanks in advance for any help.

  • Based on your description, it sounds like you're getting the access token from the "API v2 Explorer". That tool is just meant for prototyping Dropbox API calls, and currently has early access to an upcoming "short-lived access token" feature. That means that, unlike standard Dropbox API access tokens, the access tokens you get from the API Explorer will expire by themselves. (You can identify them by the "sl." prefix you mentioned.)

    To get standard Dropbox API access tokens, you should use your own API app registration. For instance, you can use the "Generate" button on your app's page on the App Console, or use the OAuth app authorization flow with your app.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Based on your description, it sounds like you're getting the access token from the "API v2 Explorer". That tool is just meant for prototyping Dropbox API calls, and currently has early access to an upcoming "short-lived access token" feature. That means that, unlike standard Dropbox API access tokens, the access tokens you get from the API Explorer will expire by themselves. (You can identify them by the "sl." prefix you mentioned.)

    To get standard Dropbox API access tokens, you should use your own API app registration. For instance, you can use the "Generate" button on your app's page on the App Console, or use the OAuth app authorization flow with your app.

    • ahmed-sharaf's avatar
      ahmed-sharaf
      Helpful | Level 5
      Hello,

      I am facing the same problem which has been resulted from generating access token from "Dropbox API Explorer". The access token become longer and starting with "sl.***".

      I have unlinked the Dropbox API Explorer from the connected apps and tried to generate from App Console but it is still generating the longer tokens and shows me that the token is short-lived one and will expire 4 hours after generation.

      I am not sure where the fault I did else. Could you please help?
      • winkelement's avatar
        winkelement
        Helpful | Level 6

        I'm having the same problem.

        I never used the "Dropbox API Explorer" but every Token i generate via App Console expires after 4 hours.

    • SerenityNow's avatar
      SerenityNow
      New member | Level 2

      I have the same problem and I did use the Generate button in the app console.  Mine also starts with "sl."  I know this is an older question but hopefully someone is monitoring this.

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        SerenityNow Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

        Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

    • Emron's avatar
      Emron
      New member | Level 2

      Thank you very much for taking the time to answer. I tested like an hour ago to create my app and generate token for my app and its working as expected. The token generated is shorter and does not have the prefix "sl". Its the same format as the token i created in the past through the API Explorer. It was my fault to use the token from the API explorer for my requests. Anyway, thanks again for your help!

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,882 PostsLatest Activity: 10 hours ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!