You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

robobooga's avatar
robobooga
Explorer | Level 4
5 years ago

Proper way of handling APP KEY and APP SECRET

Hi there, as per the title, if my application is to be shipped to the customer, how am I supposed to properly handle the use of APP_KEY and APP_SECRET in the app itself for authentication?   Curr...
API
Greg-DB's avatar
Greg-DB
Icon for Dropbox Staff rankDropbox Staff
5 years ago

The app key is considered public and does not need to be protected. The app secret should ideally be kept private though.

 

For server-side apps, such as web apps, this is possible since the app secret can be kept on the server only. In client-side apps, it's not possible to secure secrets unfortunately. Instead, you can avoid including the app secret entirely. For client-side apps, you can use the OAuth 2 "token" flow, which doesn't require the use of the app secret. You can find more information on that in the Dropbox OAuth 2 documentation.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,916 PostsLatest Activity: 51 minutes ago
333 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!