You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
ralph86
8 years agoExplorer | Level 3
API v2 access token validity
Hi,
We're upgrading from v1 to v2 and the new oauth2 is still not clear to me.
On the API documentation pages it says that the code authorization flow gives you the access token (after you used the given code) and there is also told about a refresh token? That implies that the access code now has a expiration date? I hope not.
I thought that the access tokens (for use as authorization bearer) were valid until revoked by user?
So where are the refresh tokens for or are they optional? Can we just use the access tokens and use that until our customer revokes access? If not, how does the refresh tokens work? Please give some PHP / cURL examples if the refresh tokens are required.
Thank you in advance!
- The Dropbox API OAuth 2 implementation does not use refresh tokens. (Can you link to the part of the documentation that was confusing? We can look into clarifying it.)
Dropbox API OAuth 2 access tokens don't expire, but can be revoked at any time by the user or app.
Note that "authorization codes" are different, and do expire after a few minutes. They should only be used immediately once to get an access token.
- Greg-DBDropbox StaffThe Dropbox API OAuth 2 implementation does not use refresh tokens. (Can you link to the part of the documentation that was confusing? We can look into clarifying it.)
Dropbox API OAuth 2 access tokens don't expire, but can be revoked at any time by the user or app.
Note that "authorization codes" are different, and do expire after a few minutes. They should only be used immediately once to get an access token.- ralph86Explorer | Level 3
Thanks, clear!
I don't know where the specific page is located (I just browsed the docs).
Another thing that isn't clear to me yet is the authorization page, the link differs in the doc.This page says:
https://www.dropbox.com/1/oauth2/authorize?
Page: https://www.dropbox.com/developers/reference/oauth-guideWhile this page says:
https://www.dropbox.com/oauth2/authorizePage: https://www.dropbox.com/developers/documentation/http/documentation
What's the difference?
Thanks again!
- Greg-DBDropbox StaffThose two are effectively the same. The first one was built with API v1, but we added another route without that part of the URL since it can be used for both API v1 and API v2. You should use the second one, without the /1/.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,915 PostsLatest Activity: 6 years agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!