You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
useparagon
2 years agoExplorer | Level 3
Dropbox sign refresh token getting expire after 1 hour
Hello,
I have successfully implemented the authentication flow for the Dropbox Sign API and obtained the initial access token and refresh token. However, I noticed that the refresh token expires af...
DB-Des
Dropbox Engineer
For security reasons, the access tokens have a short TTL, not refresh tokens.
Feel free to reference Dropbox Sign's API OAuth Walkthrough for details on how to obtain another access token.
useparagon
2 years agoExplorer | Level 3
Thanks for the quick reply, I understand that access tokens have a short lifespan and refresh tokens have a large lifespan but in my case, both tokens seem to work fine for 1 hour. If I try to refresh the access token after 1 hour I am simply getting the error that I have mentioned above in the conversation.
- DB-Des2 years agoDropbox Engineer
Did you get a chance to read over the documentation for Dropbox Sign's OAuth workflow?
Only reason I'm asking is because the samples you provided include endpoints not related to Dropbox Sign API, with parameters that seem to be for Dropbox API's OAuth workflow and not Dropbox Sign's.
For example, your authUrl :
authUrl='https://app.hellosign.com/oauth/authorize?response_type=code&client_id=12345678&redirect_uri=redirect-url&token_access_type=offline&state=121324234'
is using endpoint /oauth/authorize which is not an endpoint for Dropbox Sign API. Also, the query parameters are not relevant to Dropbox Sign — except for client_id and state.
Additionally, the body you are sending on your request:
--data '{ "code": "code", "grant_type": "authorization_code", "redirect_uri": "redirect_uri", "client_id": "client_id", "client_secret": "client_secret" }'
is missing the state parameter. Also redirect_uri is not relevant to Dropbox Sign.
I would recommend attempting the following cURL command to generate an access token:
curl -X POST 'https://app.hellosign.com/oauth/token' \ -u 'YOUR_API_KEY:' \ -F 'client_id=YOUR_CLIENT_ID' \ -F 'state=state' \ -F 'code=code' \ -F 'grant_type=authorization_code' \ -F 'client_secret=client_secret'
And the following to generate a new access token, when needed:
curl -X POST 'https://app.hellosign.com/oauth/token?refresh' \ -u 'YOUR_API_KEY:' \ -F 'grant_type=refresh_token' \ -F 'refresh_token=refresh_token'
If you are still receiving errors from Sign's API OAuth endpoints. Go ahead and contact our support team, from the email you are using to test Dropbox Sign's API, so they can further troubleshoot.
About Dropbox Sign API
17 PostsLatest Activity: 23 days ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!