We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.
Forum Discussion
tkirby926
2 years agoExplorer | Level 3
Allowing Website users to Dynamically create auth tokens and upload/download images
I am searching for a way to implement Dropbox as the data folder for images on my social media site, with api calls made client-side to upload and download images that populate the site. Considering ...
tkirby926
Explorer | Level 3
Thank you very much for your help on this. Looking back, I cannot believe I even asked this question based on the numerous security flaws involved. My plan is to authenticate and upload/download on the server side. For my python backend, I still have the question of how to do this. I may not be understanding everything right, and I apologize for the inconvenience if this is the case, but my understanding is still that the way to receive an authorization code is through clicking the authorization url and manually getting it. I was wondering if there was a way my server code could receive that auth token directly using the python SDK and use it to upload/download, refreshing the code regularly so it does not get stale. I don't see any good solution that would involve clicking the url every 4 hours in my automated app, and it seems foolish to try to implement a bot that would regularly click the link itself and extract the code. Would you suggest having an initial token and then using a refresh token to maintain access on my server? Please let me know the best way to do this, and thank you so much for the help.
Greg-DB
2 years agoDropbox Staff
The OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token does require manual interaction, but this only needs to be done once per Dropbox account.
If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
The Dropbox SDKs can handle this automatically for you. For the official Dropbox Python SDK, you can find examples of this flow at the following links:
- https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py
- https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-pkce.py
When configuring the client like that, it will perform the refresh process for you automatically.
- julio_diniz_perdigao10 months agoExplorer | Level 3
Maybe old, but you have 2 options. I don't know if in 2022, this endpoints was available.
1 - for small files (up to 150MB) use the endpoint get_temporary_upload_link, so you can make uploads directly from client-side.
2 - upload to your server and then, use save_url endpoint to request DropBbox do download the file from your server to your dropbox account.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,875 PostsLatest Activity: 21 days agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!