You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Bk13
10 months agoExplorer | Level 4
Refresh Token Url
Hi All,
I am using Dropbox HTTP integration and for the refresh token, we are using "https://www.dropbox.com/oauth2/token" EP.
suddenly I got an error for one of our users.
"Error (400)
Something went wrong. Don't worry, your files are still safe and the Dropbox team has been notified. Check out our Status Page to see if there is a known incident, our Help Center and forums for help, or head back to home."
with no extra information.
looking at the documentation I saw that "https://api.dropbox.com/oauth2/token" is a new EP.
should I update the EP?
Can it be that the old URL is working for some of our users but not all?
jaksonjohn The /oauth2/token endpoint is an OAuth endpoint, not a web page, and so should be accessed on api.dropboxapi.com, not www.dropbox.com.
While it's possible that it happened to work on that domain previously, it was never officially meant for that and was not documented as such, and so would not be officially supported on that www domain.
For reference, the official documentation does show (and has shown as far back as I'm aware) that it should be accessed on api.dropboxapi.com.
As such, apps should access that endpoint on api.dropboxapi.com, not www.dropbox.com. Any apps that were using that on www.dropbox.com, even if it happened to work for them previously, should update their code to use the correct api.dropboxapi.com instead.
- Greg-DBDropbox Staff
Bk13 Здравко is correct; the correct endpoint is and has been "https://api.dropboxapi.com/oauth2/token" per the documentation. Apps should not access that endpoint on www.dropbox.com.
- jaksonjohnNew member | Level 2
i think no. the url is to be changed. i have experience in it.
- Greg-DBDropbox Staff
jaksonjohn The /oauth2/token endpoint is an OAuth endpoint, not a web page, and so should be accessed on api.dropboxapi.com, not www.dropbox.com.
While it's possible that it happened to work on that domain previously, it was never officially meant for that and was not documented as such, and so would not be officially supported on that www domain.
For reference, the official documentation does show (and has shown as far back as I'm aware) that it should be accessed on api.dropboxapi.com.
As such, apps should access that endpoint on api.dropboxapi.com, not www.dropbox.com. Any apps that were using that on www.dropbox.com, even if it happened to work for them previously, should update their code to use the correct api.dropboxapi.com instead.
- ЗдравкоLegendary | Level 20
Hi Bk13,
To be honest I have never used the endpoint you used to use, so I have no any idea what's this. Even if that EP ever worked, you have to use the actual EP - /oauth2/token - not something else.
Good luck.
About Discuss Dropbox Developer & API
Make connections with other developers
797 PostsLatest Activity: 21 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!