ZeeshanFayyaz_1
7 years ago
Helpful | Level 6
Mobile Application (iOS and Android)
Hi there, currently I am working on a mobile application for an organization whose requirements are as follows: 1. All employees have installed the company app on their smartphones, i.e. Android and iOS. With...
ZeeshanFayyaz_1
Helpful | Level 6
What if I call my custom API for an access token, then use that token to upload files?
Another point here is: "We are only providing the functionality to upload files, not to fetch them again."
Greg-DB
7 years ago
Dropbox Staff
The issue is that client-side applications can't keep secrets, meaning that any access token stored in a distributed app, or even just sent to the app at any time, could be extracted. That means that a malicious user could get the access token, and use it to access the Dropbox API directly, bypassing any access controls your app attempted to enforce. (E.g., they could download files.)
However, if you have your own server and are willing to use that as an intermediary, you do have more options. You could have the app call to your server, and have your server call the Dropbox API. That way, you can protect your access token on the server.
In that case, you can either:
a) have the mobile apps upload to your server, and then have the server upload to Dropbox (e.g., to /2/files/upload).
b) have the mobile apps call your server, have the server call /2/files/get_temporary_upload_link, and return the resulting upload link to the app. The app could then upload directly to Dropbox using the link. (Note that /2/files/get_temporary_upload_link is still in preview though.)
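A sketch of option (b) on the server side, added here as an illustration; it is not code from this thread or from Dropbox. It assumes the server has already authenticated the calling employee, and the `/uploads/<employee_id>/` layout, the `DROPBOX_ACCESS_TOKEN` variable name and the injectable `post` transport are hypothetical choices.

```python
import json
import os
import re
import urllib.request

API_URL = "https://api.dropboxapi.com/2/files/get_temporary_upload_link"
# One path segment only: no slashes, no leading dot, so no traversal.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")

def dropbox_post(url, headers, body):
    """Default transport: POST JSON to the Dropbox API, return parsed JSON."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def build_link_request(token, employee_id, filename, duration=300):
    """Build the API call. The server, not the app, decides the destination."""
    if not SAFE_NAME.fullmatch(employee_id) or not SAFE_NAME.fullmatch(filename):
        raise ValueError("rejected employee id or file name")
    body = {
        "commit_info": {
            "path": f"/uploads/{employee_id}/{filename}",  # assumed layout
            "mode": "add",       # add a new file, never overwrite
            "autorename": True,  # on a name conflict, Dropbox renames
        },
        "duration": duration,    # seconds the link stays valid
    }
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return API_URL, headers, json.dumps(body).encode()

def issue_upload_link(employee_id, filename, token=None, post=dropbox_post):
    """Response for an authenticated app request: the upload link only."""
    token = token or os.environ["DROPBOX_ACCESS_TOKEN"]  # assumed variable name
    url, headers, body = build_link_request(token, employee_id, filename)
    reply = post(url, headers, body)
    return {"upload_link": reply["link"]}  # the access token stays on the server
```

The app then sends the file bytes to the returned link, which is bound to one server-chosen path and a short lifetime.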
- ZeeshanFayyaz_1 7 years ago Helpful | Level 6
Thanks for your time. Actually I was busy these days, that's why I am writing late to you. I have noticed the main point here. I have found your answer very helpful; I will discuss these points with the organization I am working with and get back to you. For now I am marking your answer as "Best Answer". Once again, thanks for your time.