hi everyone, am trying to use the new API of Dropbox, but I am having some difficulties. I did however create an app console on personal free dropbox ACC, and I got the needed information (Appkey, App Secret,...) in order to generate auth2, and I downloaded the example located in (dropbox-sdk-dotnet\examples\simpleTest\) on GitHub.I only change the following but it keeps giving error "Acees denied":private const string ApiKey = @"xxxxxxxx";private const string LoopbackHost = "https://www.dropbox.com/oauth2/";please explain to me if the link I have used is correct, and is there any other info that I need to provide??thank you in advance

admsho wrote:...I only change the following but it keeps giving error "Acees denied":...private const string LoopbackHost = "https://www.dropbox.com/oauth2/";please explain to me if the link I have used is correct, and is there any other info that I need to provide??...Hi admsho,Hmm... 🤔 Are you the domain "www.dropbox.com" admin and can you (your script actually) set a hook there to handle your loopback call? I seriously doubt it's so! If you don't have access to and not able to register web hook on the domain, that's where your "Access denied" comes from. 😁 Don't try to do something on a place you don't have access to; for sure will meet access denied or something like.Why are you going to change the preset Loopback host there? 🧐 For user applications it's the best choice - your script usually has access to the local machine. 😉 Only on some server script a change may be needed (only change URI to owned domain would work though - a domain your script can control).Don't forget to set the actual app ID/key on your source too (not just "xxxxx" - just a placeholder by itself).One more thing: Consider usage of refresh token too (offline access request). Only such authorization type would give you long term access if you're planning to use your script for longer than few hours (4 hours more precisely).Good luck.

hi, Thank you for your feedback,am still not sure what should be the loop URL, but I put it back as it is original shape , and I placed my App key instead of the "xxxxxxx", so I have the code header like that:private const string ApiKey = @"xxxxxxxxxxx"; private const string LoopbackHost = "http://127.0.0.1:52475/"; private readonly Uri RedirectUri = new Uri(LoopbackHost + "AUTHORIZE"); // URL to receive access token from JS.private readonly Uri JSRedirectUri = new Uri(LoopbackHost + "TOKEN");//but I get the following we page result: I'm not sure what do I miss, especially that I don't know where should I place the "App Secret"please explain with more details if it is possible

admsho wrote:...private const string LoopbackHost = "http://127.0.0.1:52475/";...but I get the following we page result:...Hi again admsho,The result you got shows that your LoopbackHost value isn't registered In the OAuth2 RedirectURIs list of your application. Something mandatory and noted in documentation but skipped by you (something noted in the error message itself). Register your LoopbackHost value there and that error message will gone. admsho wrote:..., especially that I don't know where should I place the "App Secret"...With this very basic authentication way, you're using (used in the example), you don't need the "App Secret" actually. It would be needed only when/if you use authentication with code in non PKCE flow (PKCE uses dynamic secret and doesn't need App Secret or least it's not mandatory there). The flow used isn't recommended in production cause some security weaknesses. The best supported case is PKCE authentication flow, with access type set to offline (refresh token usage), something I advised you to move to.Hope this sheds additional light. Edit: Opp... My mistake. You should register RedirectUri value instead of LoopbackHost (i.e. http://127.0.0.1:52475/authorize ) - the actual passed value.

admsho As Здравко noted, you need to register the redirect URI(s) for your app. You can do so via the "OAuth 2" "Redirect URIs" section of the app's page on the App Console.

hi, Thank you for your patience, It works and it asked me to allow access to my business ACC, but then it shows that. do I need to have a public IP??

Api error access denied | The Dropbox Community

Здравко
Legendary | Level 20
2 years ago
admsho wrote:
...
I only change the following but it keeps giving error "Acees denied":
...
private const string LoopbackHost = "https://www.dropbox.com/oauth2/";
please explain to me if the link I have used is correct, and is there any other info that I need to provide??
...
Hi admsho,
Hmm... 🤔 Are you the domain "www.dropbox.com" admin and can you (your script actually) set a hook there to handle your loopback call? I seriously doubt it's so! If you don't have access to and not able to register web hook on the domain, that's where your "Access denied" comes from. 😁 Don't try to do something on a place you don't have access to; for sure will meet access denied or something like.
Why are you going to change the preset Loopback host there? 🧐 For user applications it's the best choice - your script usually has access to the local machine. 😉 Only on some server script a change may be needed (only change URI to owned domain would work though - a domain your script can control).
Don't forget to set the actual app ID/key on your source too (not just "xxxxx" - just a placeholder by itself).
One more thing: Consider usage of refresh token too (offline access request). Only such authorization type would give you long term access if you're planning to use your script for longer than few hours (4 hours more precisely).
Good luck.
- admsho
  Explorer | Level 3
  2 years ago
  hi, Thank you for your feedback,
  am still not sure what should be the loop URL, but I put it back as it is original shape , and I placed my App key instead of the "xxxxxxx", so I have the code header like that:
  private const string ApiKey = @"xxxxxxxxxxx";
  
  private const string LoopbackHost = "http://127.0.0.1:52475/";
  
  private readonly Uri RedirectUri = new Uri(LoopbackHost + "AUTHORIZE");
  // URL to receive access token from JS.
  private readonly Uri JSRedirectUri = new Uri(LoopbackHost + "TOKEN");//
  but I get the following we page result:
  
  I'm not sure what do I miss, especially that I don't know where should I place the "App Secret"
  please explain with more details if it is possible
  - Здравко
    Legendary | Level 20
    2 years ago
    admsho wrote:
    ...
    private const string LoopbackHost = "http://127.0.0.1:52475/";
    ...
    but I get the following we page result:
    ...
    Hi again admsho,
    The result you got shows that your LoopbackHost value isn't registered In the OAuth2 RedirectURIs list of your application. Something mandatory and noted in documentation but skipped by you (something noted in the error message itself). Register your LoopbackHost value there and that error message will gone.
    
    admsho wrote:
    ..., especially that I don't know where should I place the "App Secret"
    ...
    With this very basic authentication way, you're using (used in the example), you don't need the "App Secret" actually. It would be needed only when/if you use authentication with code in non PKCE flow (PKCE uses dynamic secret and doesn't need App Secret or least it's not mandatory there). The flow used isn't recommended in production cause some security weaknesses. The best supported case is PKCE authentication flow, with access type set to offline (refresh token usage), something I advised you to move to.
    Hope this sheds additional light.
    
    Edit: Opp... My mistake. You should register RedirectUri value instead of LoopbackHost (i.e. http://127.0.0.1:52475/authorize ) - the actual passed value.

Forum Discussion

Api error access denied

About Discuss Dropbox Developer & API

Related Content

Re: Error 500 when trying to access the Dropbox website

Access denied error, when trying to access Sign link.

Re: Not receiving the 6-digit security code

Error con almacenamiento

Re: I'm getting a parsing error when previewing files, why?

Recent Discussions

Getting the files (svgs and images) in a public Dropbox folder

How do we know if a file is encrypted or not via API?

Welcome to the Dropbox Developer Community!

Sharing folders to users with viewer still permits downloads

Cannot set expire settings for sharing_create_shared_link_with_settings