cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Musicians, convert your MuseScore files to PDF to play music on the go! Learn more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Correct Auth Method for My App?

Labels:

Correct Auth Method for My App?

Josh-IP
Explorer | Level 3
‎11-21-2023 10:15 AM

I work at a screen printing company, and we are building a design library app to display our designs to users. The images of the designs are stored in our Dropbox account. I have already set up my Dropbox app from the App Console and have successfully retrieved some image links using the API. However, the next day, the same requests returned an expired access token error.

 

I am aware that Dropbox is transitioning/has transitioned to using short-lived access tokens instead of the long-lived ones. I have found support threads discussing this, but they all direct to the OAuth guide, which seems geared toward apps that use the API to allow other users to interact with their own Dropbox accounts.

 

Because the app we're building ONLY needs access to our own account, I'm unsure of the correct way to handle auth. It seems like permanent access tokens aren't available anymore, but since a user visiting our design library will not have our credentials, sending them to a sign-in screen for OAuth won't work either. What is the correct way to handle auth for this app?

 

Thanks for your time.

Labels:
  • 0 Likes
  • 2 Replies
  • 461 Views
0 Likes
2 Replies 2

DB-Des
Dropbox Engineer
‎11-21-2023 12:49 PM

Hi there,

 

Apps can get long-term access by requesting "offline" access, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

 

Hope this helps!

0 Likes

Greg-DB
Dropbox Staff
November

It's also worth noting that whether or not the app is only for use with your own account, using the OAuth app authorization flow is the right way to get long-term access, by retrieving a refresh token. If it's only for your own account, you would just need to process that once yourself.

0 Likes
Need more support?