We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

novaut's avatar
novaut
Explorer | Level 4
3 years ago

I'm struggleing to download a single file from the API

Hello there,

 

I'm struggleing to download a single file from the API.

 

I'm supplying the app key and secret for App Authentication but I'm getting this error:

Error in call to API function "files/download": Invalid authorization value in HTTP header "Authorization""Basic YWFhYWFhYWFhYWFhYWFhOmJiYmJiYmJiYmJiYmJiYg==".  Expecting "Bearer <oauth2-access-token>".

 

I'm following the App Authentication example from https://www.dropbox.com/developers/reference/auth-types#app

 

Why it doesn't work? I just want to use the API in a simple way.

 

Thanks and all the best 🙂


  • novaut wrote:

    ...

    One question for how long refresh_token is alive? Is it long-lived? 

    ...


    Hi novaut,

    Yes, it's long lived token. The refresh token remains valid till explicit revoke either from application itself or user that granted access for your application to its data.

     


    novaut wrote:

     ...

    I successfully got the file from Dropbox using the refresh_token and it doesn't ask for http authentication 🙂

    ...


    You make me doubt you have understand everything correctly. You can download a file only with access token authentication, not directly with refresh token!!! The refresh token helps you keep receiving valid access token without further user actions. 😉 Hope this was just a confusion while typing.

    Good luck.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    novaut wrote:

    ...

    I'm following the App Authentication example from https://www.dropbox.com/developers/reference/auth-types#app

     

    Why it doesn't work? I just want to use the API in a simple way.

    ...


    Hi novaut,

    Wow, wow, wow... 😁 I haven't seen this big fault of Dropbox documentation. You can call some API endpoints with application authorization only when public data are handled (i.e. data for links etc). The examples shown there are completely wrong! Application authorization is designated for application confirmation (no some user authentication), that's why you can NOT access any user data in such a way. As noted in your error message for such thing bearer access token is needed (something showing that the particular user grant access to its data) - something you miss. That's why it doesn't work.

    🙂 Another stupid thing is statement:


    ... This can be done either as separate strings, as shown in the first two examples below, or as an base64-encoded Basic authorization string in the Authorization header ...

    The Basic authentication is ALWAYS performed with base64 encoding!!! You can do it explicitly or let curl does it internally. The person typing this documentation needs some tutorials...

    Anyway... since you need user access, you need user authentication too. 😉 You need least access token (as noted there). Keep in mind that such a token is short lived. It's enough for single time use or use in relatively short period of time. If you need to gain access for longer period (without automatic expiration), than refresh token is needed too. You can take a look here how you can manage this.

    Hope this helps.

    • novaut's avatar
      novaut
      Explorer | Level 4

      Hi Здравко,

      Thanks for helping me.

      I need to find an easy way to get the file from my Dropbox account.

      I have API key, API Secret and I can't get the Authorization Code to get the Bearer Token because it asks me to login with my Dropbox username and password.

      How can I do it with a request from my server?

      It's complex to understand.

      Thanks again 🙂

       

       

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        novaut wrote:

        ... it asks me to login with my Dropbox username and password.

        How can I do it with a request from my server?

        ...


        Hm... 🤔 Sometime ago was an option to generate long lived access token for long term access. Unfortunately, since long lived access token is retired already, no way to generate credentials for long term access in such a way (not yet at least). That's why you need to login once (at least) to create your credentials (such login doesn't need to be on the server - you can do it anywhere) and after that you can use available credentials on your server without logging in anymore (the refresh token keeps your granting). 😉 That's it.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    novaut To download a file, it is correct to use the /2/files/download endpoint. You can find the information for using that endpoint in the documentation for /2/files/download here. As shown there, that endpoint supports "User Authentication", but not "App Authentication". There's also an curl example for that endpoint in endpoint documentation.

     

    For reference, the "Authentication types" page lists different types that are used by different endpoints of the Dropbox API, but not every endpoint supports every type. The examples under each type show some example(s) of an endpoint which do support that type. For instance, the examples under "App Authentication" show the use of /2/files/get_thumbnail_v2, which does support App Authentication, but not /2/files/download.

     

    So, to call /2/files/download, you need to use "User Authentication", which requires the an OAuth 2 access token as a "Bearer" token. It's not possible to successfully call /2/files/download using an app key/secret as "Basic" authorization.

     

    And as Здравко noted, you need to authorize the app manually once, after which you can use the (short-lived) access token and refresh token. The "authorization code" can only be used once, in the process of retrieving the access token and refresh token. The refresh token doesn't expire automatically though, and can be re-used repeatedly without manual intervention to retrieve new short-lived access tokens whenever needed. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

    • Здравко's avatar
      Здравко
      Legendary | Level 20

      Greg-DB wrote:

      ... For instance, the examples under "App Authentication" show the use of /2/files/get_thumbnail_v2, which does support App Authentication, ...


      🤔 Hm.. really... let's see this ' for instance':



      curl -X POST "https://content.dropboxapi.com/2/files/get_thumbnail_v2" -u "<APP_KEY>:<APP_SECRET>" \
        --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"
      curl -X POST "https://<APP_KEY>:<APP_SECRET>@content.dropboxapi.com/2/files/get_thumbnail_v2" \
        --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"
      curl -X POST "https://content.dropboxapi.com/2/files/get_thumbnail_v2" \
      --header "Authorization: Basic <base64(APP_KEY:APP_SECRET)>" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"

      Which one is correct? 🧐 If any...

      ... Where is the error? 🙋

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Здравко Those three examples show three different ways of supplying the app key and secret to curl. I seems you're hinting that the calls overall don't make sense otherwise though as the use of the "path" in the sample parameters won't work for app authentication in particular. I'll ask the team to fix that up.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 2 hours ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!