You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
New Dropbox API Updates
Hello Greg-DB I received an email from Dropbox - Action Required: Important Dropbox API Updates. I have an existing Dropbox app that uses old way of scopes/permissions and long-lived access tok...
1A) The creation of new long-lived access tokens is now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s). You do not need to have these existing users re-authorize the app.
1B) For new users, you should use the new short-lived access token and refresh token functionality. You can find more information in the OAuth Guide and authorization documentation. You do not technically need to store the short-lived access tokens, only the refresh tokens, since you can use the refresh tokens to get new short-lived access tokens on demand.
Refresh tokens do not expire by themselves, unless/until revoked, e.g., by the app or user. If a refresh token is revoked, you should send the user through the authorization flow to get a new one, if they wish to continue using the integration. (This is just like with revoked long-lived access tokens.)
2A) Migrating to scopes does not impact existing access tokens. Existing access tokens will continue to have whatever permission they were originally granted.
You should migrate your app to scopes and select only the scopes needed for your app. You can migrate your app using the "Permissions" tab of the app's page on the App Console. You can see which scope is required for each endpoint in the API documentation.
Greg-DB
Dropbox Staff
Dropbox Staff1A) The creation of new long-lived access tokens is now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s). You do not need to have these existing users re-authorize the app.
1B) For new users, you should use the new short-lived access token and refresh token functionality. You can find more information in the OAuth Guide and authorization documentation. You do not technically need to store the short-lived access tokens, only the refresh tokens, since you can use the refresh tokens to get new short-lived access tokens on demand.
Refresh tokens do not expire by themselves, unless/until revoked, e.g., by the app or user. If a refresh token is revoked, you should send the user through the authorization flow to get a new one, if they wish to continue using the integration. (This is just like with revoked long-lived access tokens.)
2A) Migrating to scopes does not impact existing access tokens. Existing access tokens will continue to have whatever permission they were originally granted.
You should migrate your app to scopes and select only the scopes needed for your app. You can migrate your app using the "Permissions" tab of the app's page on the App Console. You can see which scope is required for each endpoint in the API documentation.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
