You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

MarciB's avatar
MarciB
New member | Level 2
4 years ago

No more long-lived access tokens, whats the best strategy for own account usage?

Hi all, 

 

out situation looks like the following:

we are simply sending the file to the upload url by dropbox providing an long lived access token to OUR account. But this is not going to work starting end of september, since long lived access tokens are not supported anymore. 

 

To fix that, we wanted to implement the recommended PKCE flow until it dawned us, that via this way users would need to give permission for OUR account, which is not what we want. Also granting this access and then saving the refresh token as long lived token to get an access token from doesn't seem like the way to go, more of a hackjob.

 

Does anybody know what the recommended solution for this scenario is? Working with short-lived tokens but also not having to let the user give the permission for OUR account and not theirs. 

 

Greetings MarciB

  • While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens. Note though that after the change you won't be able to create new long-lived access tokens.

     

    In your case, if you did want or need to migrate (e.g., if you accidentally revoked your long-lived access token after the change), you would need to process the app authorization flow for your own account once, and store the resulting refresh token, so the app can programmatically use it to get short-lived access tokens for your own account as needed.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens. Note though that after the change you won't be able to create new long-lived access tokens.

     

    In your case, if you did want or need to migrate (e.g., if you accidentally revoked your long-lived access token after the change), you would need to process the app authorization flow for your own account once, and store the resulting refresh token, so the app can programmatically use it to get short-lived access tokens for your own account as needed.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,910 PostsLatest Activity: 4 days ago
333 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!