Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Good afternoon,
I am working on a project that uses Qualtrics (a web-based survey/forms) platform to create Dropbox file requests to allow the user to securely upload files to go along with their form submission to my Dropbox folder.
All file requests would be from my account.
While I have gotten the basics working, creating a file request via the HTTP SDK. Using the following from the API Explorer
POST /2/file_requests/create
Host: https://api.dropboxapi.com
User-Agent: api-explorer-client
Authorization: Bearer [[#TOKEN#]]
Content-Type: application/json
{
"title": "12345678 Smith, John (App #: FA24-1234)",
"destination": "1234 Jones_Martha OTE 1000S Student Smith_John",
"deadline": {
"deadline": "2024-09-25T01:00:00Z",
"allow_late_uploads": {
".tag": "one_day"
}
},
"open": true
}
I was able to translate it into Qualtrics' Webservices screen
I am now stumped because I found out from Dropbox Support that the API Token that was in the Dropbox App Console are not long living and expire in short time. So, the question is how do I follow the process to authenticate which will allow the system to still create the file requests?
The end users do not login to Dropbox and are not required to have a Dropbox account to submit their files.
The documentation that Dropbox Support sent me (Using OAuth 2.0 with offline access - Dropbox) appears to be for requiring the user to login to Dropbox to do tasks.
I hope that someone could provide a person who is new to working with APIs with some guidance and advice.
Thank you in advance for your guidance.
Hi @GaryH_BAR01,
Maybe a bit more simple example than the one sent to you by Dropbox support may be seen here. 😉
Probably Dropbox support hasn't explained you very clear what you need exactly and why. You don't need to force your end users to log in any Dropbox account or anything similar. The only one that need to get logged in is... you! 🙂 Nobody else. And all this just once; at the time you need to grant permission to your application to access... your account.
Once you have refresh token, following all directions in the thread I linked to, the only thing you need to add in your application is the received refresh token and a bit of code the make sure your access token is not expired when you need one - i.e. you need to implement in your code only the last direction I gave there (the refresh). That's all.
Hope this helps you.
Good Morning @Здравко - Some questions to make sure that I am understanding the post that you provided a link to.
1) Regarding the refresh_token: does that change or is that something that I can store as a constant in my workflow for this project?
2) While I was able to run the commands in a terminal window, I need to convert the refresh token statement "curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=<REF_TOKEN_HERE> -..." into something that can be used by the Qualtrics Web Service (format shown in original post)
I had tried to run this and it did not work. Suggestions?
Hi @GaryH_BAR01,
To add to @Здравко's suggestion: Apps can get long-term access by requesting "offline" access, this can be achieved by adding "token_access_type=offline" to the authorization URL. Keep in mind that there will need to be user interaction the first time the app is being authorized. A "refresh token" is returned in the response object, this "refresh token" can be used to retrieve new short-lived access tokens as needed, without further manual user intervention.
To answer your first question, yes, the "refresh token" can be securely stored for later use; it can be re-used and doesn't expire automatically (though it can be revoked on demand).
I hope this information provides more clarity!
--
[Cross-linking for reference: https://stackoverflow.com/questions/79020302/dropbox-filerequest-api-handling-token-issues-working-w... ]
@DB-Des the next issue that I am having is how to format the command for the refresh token as the POST request (via the Form image that I submitted) since I cannot run a cURL command directly in the external platform.
curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=${e://Field/DBX_AUTH_REFRESH_TOKEN} -u ${e://Field/DBX_AUTH_APP_KEY}:${e://Field/DBX_AUTH_APP_SECRET}
The connector prompt that Qualtrics is providing to access the external APIs
Asks for a URL ( which I am assuming is https://api.dropbox.com/oauth2/token)
Using the "POST" Method I am able to set Query Parameters, Body Parameters (either in application/json or application/x-www-form-urlencoded format) and Custom Headers.
I attempted to set the body parameters using application/json format
grant_type : refresh_token
refresh_token : {the Refresh Token issued by DBX}
user: {AppKey}:{AppSecret}
However the response I got was an error from DBX "The request parameters do not match any of the supported authorization flows. Please refer to the API documentation for the correct parameters."
I suspect that I am putting the values from the cURL statement in the wrong boxes could you please advise?
Hi @GaryH_BAR01,
The /oauth2/token endpoint only accepts application/x-www-form-urlencoded format.
Additionally, based on the screenshot provided, there is a field being added with "user" as a parameter, which is not a parameter recognized by /oauth2/token — most likely why you are receiving that error.
When using Basic Auth (AppKey:AppSecret), the corresponding cURL request would look like this:
curl https://api.dropbox.com/oauth2/token \
-d grant_type=refresh_token \
-d refresh_token=DBX_AUTH_REFRESH_TOKEN \
-u AppKey:AppSecret
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!