We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.
Forum Discussion
App
I have a Dropbox App in development. It needs to upload and download files for a given client account. This account is not my account that files are being uploaded and dowloaded to, it's the client(s) account. I see that if the App is in production a Dropbox user can give access to the App. However, as stated, my App is in dev. To go into production Dropbox says I need 50 users. So, given this information, how can I allow my client to allow my App access to their account to upload and download files. I need full control or near full control because my client is expecting files to be in folders that they specify i.e., they have a naming convention for where the files are. How can my client gain access to my App in dev and how can my App have the required functionality stated.
When using the Dropbox OAuth app authorization flow, the resulting access token (and refresh token, if requested) will be connected to whichever account was signed in and authorized the app during the app authorization flow. Any API calls made with that access token will be made for that particular account.
So, when you process the app authorization flow while signed in to your account, the app receives an access token for your account. To get an access token for your client's account, they should process the app authorization flow for your app while signed in to their account.
- Greg-DB
Dropbox Staff
You can use the Dropbox API to access the full contents of a connected account even if the app is still in development status. The production versus development status only controls how many different accounts can be connected to your app. If you'll never need to have more than 50 accounts connected, you don't need production status.
The access type of your app controls what files your app can access. (This is different than the production versus development status of the app.) To be able to access any/all files in a connected account, you should use "full Dropbox" access. You can find more information on the access types here.
Finally, to allow another user to connect their account to your app, you should implement the OAuth app authorization flow.
Thanks Greg.
I think I am missing one thing. The App already has full access, The App connects with oauth2 flow and I can query my acocunt. The part I think I am missing is during the OAuth2 flow. Where in the Auth call or Token call am I specifying the other account. How does the call to the API know which account is requesting an auth token for the first time? For instance, in another product, the user is made to log in or sign up for an account prior to allowing the App to have access. Does the same go for Dropbox? Is it the logging into Dropbox during the oAuth2 request, if the client is not already logged in, the thing that identfies which account is requesting access? Same would go for if the client is already logged in to Dropbox. Being logged into Dropbox identifies the account and I don't have to actually pass anything extra to the Apps already working oAuth2 flow. Note, this is first time not returning clients.- Greg-DB
When using the Dropbox OAuth app authorization flow, the resulting access token (and refresh token, if requested) will be connected to whichever account was signed in and authorized the app during the app authorization flow. Any API calls made with that access token will be made for that particular account.
So, when you process the app authorization flow while signed in to your account, the app receives an access token for your account. To get an access token for your client's account, they should process the app authorization flow for your app while signed in to their account.
