I created an app using a Dropbox access token for my WordPress website, but when I right-click on the website page I can see the access token.
If someone has access to this access token, will they be able to access my Dropbox and its files?
Yes, an access token enables access to an account via the Dropbox API to the extent allowed by the app's permission. For this reason, you should never share or expose an access token for your own account to other users. Users should only ever have access to their own access token(s).
Given that your access token has been published, I recommend revoking it.
For the functionality you're looking for, you can instead have the users upload to your own server first, and then upload to Dropbox from your server. That way, the access token only needs to exist on your server, not exposed to the end-users.
Alternatively, you could use /2/files/get_temporary_upload_link (again from your server) to pass down a temporary upload link on the page so the file can be uploaded directly from the browser without exposing the access token client-side. (Note that this endpoint is still in preview though.)
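The second option in the answer above, sketched server-side as an added example (not code from this thread or from Dropbox). It assumes a Python backend; the `DROPBOX_ACCESS_TOKEN` environment variable, the `UPLOAD_DIR` folder and all function names are hypothetical, and the server, not the browser, decides the destination path.

```python
import json
import os
import re
import urllib.request

API_URL = "https://api.dropboxapi.com/2/files/get_temporary_upload_link"
UPLOAD_DIR = "/website-uploads"  # assumed destination folder in the Dropbox account


def safe_name(filename):
    """Reduce a browser-supplied filename to a harmless basename."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any directories
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    if not base:
        raise ValueError("unusable filename")
    return base[:100]


def build_request(token, filename, duration=600):
    """Build the server-to-Dropbox call; the token appears only in this request."""
    body = {
        "commit_info": {"path": f"{UPLOAD_DIR}/{safe_name(filename)}",
                        "mode": "add", "autorename": True},
        "duration": duration,  # seconds the link stays valid
    }
    return urllib.request.Request(
        API_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})


def _send(req):
    """Real transport: performs the HTTPS call and decodes the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def upload_link_for_browser(filename, send=_send, token=None):
    """Return the only data the page receives: a temporary upload URL."""
    token = token or os.environ["DROPBOX_ACCESS_TOKEN"]  # never sent to the client
    reply = send(build_request(token, filename))
    return {"upload_url": reply["link"]}
```

The page then POSTs the file bytes to `upload_url` with `Content-Type: application/octet-stream`; the access token never leaves the server.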
Thanks... if I delete the app, will that revoke the access token as well?
I have deleted the app from my account.
Yes, deleting the app will also prevent the access token from working.