You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
novaut
3 years agoExplorer | Level 4
I'm struggleing to download a single file from the API
Hello there,
I'm struggleing to download a single file from the API.
I'm supplying the app key and secret for App Authentication but I'm getting this error:
Error in call to API funct...
- 3 years ago
novaut wrote:...
One question for how long refresh_token is alive? Is it long-lived?
...
Hi novaut,
Yes, it's long lived token. The refresh token remains valid till explicit revoke either from application itself or user that granted access for your application to its data.
novaut wrote:...
I successfully got the file from Dropbox using the refresh_token and it doesn't ask for http authentication 🙂
...
You make me doubt you have understand everything correctly. You can download a file only with access token authentication, not directly with refresh token!!! The refresh token helps you keep receiving valid access token without further user actions. 😉 Hope this was just a confusion while typing.
Good luck.
Greg-DB
3 years agoDropbox Staff
novaut To download a file, it is correct to use the /2/files/download endpoint. You can find the information for using that endpoint in the documentation for /2/files/download here. As shown there, that endpoint supports "User Authentication", but not "App Authentication". There's also an curl example for that endpoint in endpoint documentation.
For reference, the "Authentication types" page lists different types that are used by different endpoints of the Dropbox API, but not every endpoint supports every type. The examples under each type show some example(s) of an endpoint which do support that type. For instance, the examples under "App Authentication" show the use of /2/files/get_thumbnail_v2, which does support App Authentication, but not /2/files/download.
So, to call /2/files/download, you need to use "User Authentication", which requires the an OAuth 2 access token as a "Bearer" token. It's not possible to successfully call /2/files/download using an app key/secret as "Basic" authorization.
And as Здравко noted, you need to authorize the app manually once, after which you can use the (short-lived) access token and refresh token. The "authorization code" can only be used once, in the process of retrieving the access token and refresh token. The refresh token doesn't expire automatically though, and can be re-used repeatedly without manual intervention to retrieve new short-lived access tokens whenever needed. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.
- Здравко3 years agoLegendary | Level 20
Greg-DB wrote:... For instance, the examples under "App Authentication" show the use of /2/files/get_thumbnail_v2, which does support App Authentication, ...
🤔 Hm.. really... let's see this ' for instance':
curl -X POST "https://content.dropboxapi.com/2/files/get_thumbnail_v2" -u "<APP_KEY>:<APP_SECRET>" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"
curl -X POST "https://<APP_KEY>:<APP_SECRET>@content.dropboxapi.com/2/files/get_thumbnail_v2" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"
curl -X POST "https://content.dropboxapi.com/2/files/get_thumbnail_v2" \
--header "Authorization: Basic <base64(APP_KEY:APP_SECRET)>" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"Which one is correct? 🧐 If any...
... Where is the error? 🙋
- Greg-DB3 years agoDropbox Staff
Здравко Those three examples show three different ways of supplying the app key and secret to curl. I seems you're hinting that the calls overall don't make sense otherwise though as the use of the "path" in the sample parameters won't work for app authentication in particular. I'll ask the team to fix that up.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,882 PostsLatest Activity: 8 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!