cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
We are making some updates so the Community might be down for a few hours today. Apologies for the inconvenience and thank you for your patience. You can find out more here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DropBox API - token is short lived, why?

Labels:

DropBox API - token is short lived, why?

KostyaVasilyev
New member | Level 2
‎04-14-2023 01:47 PM
Go to solution

I'm trying to set up access to DropBox for some "enterprisey" tasks (we have a shared DropBox workspace where I work).

 

I've registered an OAuth2 app and went through https://www.dropbox.com/oauth2/authorize to get an authorization code and then used POST to https://api.dropbox.com/oauth2/token to exchange the code for a token.

 

Question:

 

The access token starts with "sl." which as I understand means is a short-lived token. There is an "expires_in: 14400" stanza which is 4 hours.

 

How can I get a non-expiring, permanent token?

 

My app is in "Development" status - is that why? I was not planning to apply for Production status because the "app's" only purpose is to get an access token, but if that's why, then I will have to.

 

Any recommendations?

 

Labels:
  • 0 Likes
  • 2 Replies
  • 1,237 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎04-14-2023 02:09 PM
Go to solution

Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here. This applies whether the app is in development or production status.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

View solution in original post

0 Likes
2 Replies 2

Greg-DB
Dropbox Staff
‎04-14-2023 02:09 PM
Go to solution

Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here. This applies whether the app is in development or production status.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

0 Likes

KostyaVasilyev
New member | Level 2
‎04-14-2023 03:29 PM
Go to solution

Thank you Greg.

 

Just tried adding token_access_type=offline to the authorization request and indeed got a refresh token.

 

I have used OAuth2 before so know what to do next.

 

Cheers!

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    KostyaVasilyev New member | Level 2
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?