You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

The D.4's avatar
The D.4
New member | Level 1
10 years ago

Hidding app_key and app_secret inside a possible desktop app

I have build a desktop app that will be distributed to any user who likes to use it. How do I use the core api (with python) to hide the both keys assigned by Dropbox for the app I made? Seems to ...
API
Greg-DB's avatar
Greg-DB
Icon for Dropbox Staff rankDropbox Staff
10 years ago

This is an issue inherent to using OAuth 1 with a client-side app. If you're using OAuth 1, this is unavoidable. You can try to obfuscate the keys to make it difficult, but you can't make it impossible to extract them. If they are extracted, this doesn't itself enable access to user data though, it would just let someone else impersonate your app.

With OAuth 2, you can use the "token" a.k.a. "implicit" flow, which doesn't require the use of the secret anyway:

https://www.dropbox.com/developers/core/docs#oa2-authorize

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,917 PostsLatest Activity: 11 days ago
334 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!