You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
D658
6 years agoExplorer | Level 3
Will there be an "&&" in Token string?
Hi, there.
I am building a http connection with Dropbox, and I am using "post" to post data to https://content.dropboxapi.com
For now, my code is working.
1):But I want to ask, if there is an...
- 6 years ago
1) We don't have a documented guarantee of the exact format of Dropbox OAuth 2 access tokens, but the current implementation does not use "&".
2) You can create and use multiple access tokens for the same app-user pair. Clicking "Generate" a second time will not invalidate the first access token.
3) An access token is all that is required to access an account, to the extent allowed by the corresponding app's permission level. You do not need to provide any additional information or certificate. Note that all Dropbox API calls do require TLS (i.e., as you can see from the https:// in your call, for instance), but that is all generally handled automatically for you.
Dropbox API OAuth 2 access tokens currently don't expire automatically, though they can be revoked.
Users can manually revoke tokens themselves, e.g. via:
https://www.dropbox.com/account/connected_apps
Apps can also revoke access tokens via:
https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke
This being the case, you only need to process the authorization once, and save the access token for all future calls for that user. If an existing access token is invalid, (in which cases calls will return 401) you should prompt the user to re-authorize your app.
Greg-DB
6 years agoDropbox Staff
1) We don't have a documented guarantee of the exact format of Dropbox OAuth 2 access tokens, but the current implementation does not use "&".
2) You can create and use multiple access tokens for the same app-user pair. Clicking "Generate" a second time will not invalidate the first access token.
3) An access token is all that is required to access an account, to the extent allowed by the corresponding app's permission level. You do not need to provide any additional information or certificate. Note that all Dropbox API calls do require TLS (i.e., as you can see from the https:// in your call, for instance), but that is all generally handled automatically for you.
Dropbox API OAuth 2 access tokens currently don't expire automatically, though they can be revoked.
Users can manually revoke tokens themselves, e.g. via:
https://www.dropbox.com/account/connected_apps
Apps can also revoke access tokens via:
https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke
This being the case, you only need to process the authorization once, and save the access token for all future calls for that user. If an existing access token is invalid, (in which cases calls will return 401) you should prompt the user to re-authorize your app.
- D6586 years agoExplorer | Level 3
You saved me. Thank you very much.
About Discuss Dropbox Developer & API
Make connections with other developers
797 PostsLatest Activity: 2 days agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!