You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

eni8ma's avatar
eni8ma
Explorer | Level 4
7 months ago

Simple Web App for getting info about a Dropbox Folder Content or File but Authorisation says NO??

Hey there all!

I am quite new to all this. However I have working on a Webflow site that uses xano for the database and wized to run API calls and javascript functionality. 

I am on a Business Plus Account

 

So I was very excited that I could use API calls such as 2/files/list_folder to get a list of content within a directory. I was generating the token and found it strange that I had to keep renewing it but after a quick search I did see you could resolve this.

However now I am actually to implement this and its very difficult for starters but looks its made to prevent my use case since it requires the user to authenticate itself through Dropbox website.

Now as mentioned this is a team space and this is an internal web app. I would ideally like to have the authorisation done in the backend. Not pushing the user to authenticate themselves to see the contents of the files through my web app. 

I am happy to use any method that would enable this. I did see something about 'offline' access but I dont fully understand this. Could anyone please point me towards the right direction?

Kind regards

  • Hi eni8ma,

    Yes, it's possible to pre-generate needed data (primarily refresh token) and latter use it. Keep in mind that you have to avoid credentials exposing (either access or refresh token) while your application works (that would be security issue). Take care with that part of design! Example of refresh token generation by yourself may be seen here. Once you have it, you can initialize one of Dropbox SDKs of your choice and proceed further without further user interaction. Also, you can perform API calls on your own (without official SDK), but you should take care to refresh access token as described (all SDKs do this internally) - the choice is yours. 😉

    Hope this clarifies matter.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    Hi eni8ma,

    Yes, it's possible to pre-generate needed data (primarily refresh token) and latter use it. Keep in mind that you have to avoid credentials exposing (either access or refresh token) while your application works (that would be security issue). Take care with that part of design! Example of refresh token generation by yourself may be seen here. Once you have it, you can initialize one of Dropbox SDKs of your choice and proceed further without further user interaction. Also, you can perform API calls on your own (without official SDK), but you should take care to refresh access token as described (all SDKs do this internally) - the choice is yours. 😉

    Hope this clarifies matter.

    • eni8ma's avatar
      eni8ma
      Explorer | Level 4

      Thank you so much for your response! 

      This gives me hope indeed, looks like I could actually implement this. Will try it out and thanks for the link, there is quite a in depth tutorial to do this so again thanks!

    • eni8ma's avatar
      eni8ma
      Explorer | Level 4

      Hello again, I was hoping you help with trying to get this to work a bit.

      I keep getting the following error: {"error":"unsupported_grant_type","error_description":"missing required field \"grant_type\""}

      I tried a few different options with the help of Chat GPT but it keeps giving me this, my app key and secret are valid also my access code has been generated and its entered correctly too!




      • Здравко's avatar
        Здравко
        Legendary | Level 20

        eni8ma, You don't need to implement that part if it isn't needed on client side. So skip that part and use curl instead.

        It's not a good idea usage of any AI, by the way!!! Does your own intelligence miss? 🙂😁😉

    • eni8ma's avatar
      eni8ma
      Explorer | Level 4

      Ok, it does make sense so I can just do the initial setup and let the refresh tokens run periodically. Thanks for the links!