You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Dropbox for Business API Access token login process.
Hi There. I have an iOS apllication written in Objective-C. I have successfully integrated Dropbox API in my app and I can upload and download data from dropox even using the Access Token for it. ...
If you have a Dropbox Business API access token for an app with the "team member file access" permission and want to programmatically access a specific member's account using the Dropbox Objective-C SDK, you should use the DBTeamClient userClientWithMemberId: method. That will give you a DBUserClient you can use to access the user methods, such as listFolder. (It sets the "Dropbox-API-Select-User" header mentioned in the error message you shared.)
That would look like this:
DBTeamClient *teamClient = [[DBTeamClient alloc] initWithAccessToken:ACCESS_TOKEN]; DBUserClient *userClient = [teamClient userClientWithMemberId:memberID]; [[userClient.filesRoutes listFolder:path] setResponseBlock...
The member ID would be the team member ID (which starts with "dbmid:"). You can get those from membersList/membersListContinue, for instance.
Also, note that client-side applications, such as on iOS, can't keep secrets, such as access tokens, from a malicious user. For that reason, we don't recommend sharing/hard-coding access tokens in client-side applications. For example, in your described scenario, one team member could potentially extract the access token and use it to access another member's account.
Greg-DB
Dropbox Staff
Dropbox StaffYou can list all of the members of a team using membersList/membersListContinue. The result will contain each member's team member ID. You can also look up a specific member by email address or external ID using membersGetInfo.
A team member ID itself only identifies a particular member's account on a team. It doesn't itself give access to that member's account. You would need an access token to access an account. An access token for a "Dropbox Business API" app, such as you are using based on the output you shared previously, is for the entire Business team.
Using a Dropbox Business API access token for an app with the "team member file access" permission, you can specify the particular team member account you want to access in particular by specifying the team member ID as in the code in my previous comment. (This is the "member file access" feature documented here.)
End-users generally don't know, and don't have a way in the Dropbox UI, to access their own team member ID. This is something the Business API app should do for them (for instance, using the methods I described at the beginning of this message).
Anyway, since a Dropbox Business API access token enables access to the entire team, we don't recommend distributing it to every team member in client-side applications. It is generally meant to be used server-side, where it can be protected.
Hi Greg-DB ,
So that means using Access token for business admins account and memberID I should be able to access that members folders/directory structure similar to how I do using personal normal access token with same methods(listfolders) correct? Also, I should be able to download and update data/files to these members folders I Specify in members account right?
Also one out of the context question. Is there a way Team Admin can hide/Make other team memebers not see who all are there in their Team? I just dont want other team member to see who are there in their team when they login to their DB account on web.
- Greg-DB
Yes, whether you get a DBUserClient directly from an access token for a specific account, or from an access token for a Business team and then select the team member account as discussed above, the methods for interacting with an account (e.g., to list folders, etc.) are the same.
You can hide certain team members from the directory as covered in the help center here. Note that this won't remove those team members from the member list returned by the API itself, but you can have your app omit those members when using the API result based on TeamMemberProfile.isDirectoryRestricted
Hi Greg-DB ,
Many Thanks for helping me out to understand the process. I have implemented your suggestions and it works as expected.
Regarding hiding team members yes, I followed the steps and the team members are hidden from the other team members.
The only issue is when the team member clicks on the file they can see 1st 3-4 team members list with profile picture and user name. As show in screenshot below top right corner. Is there any way to hide this also?
- Greg-DB
I can only really help with the Dropbox API itself, so for Business/web site questions like this, please contact Business support.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
