cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We are making some updates so the Community might be down for a few hours on Monday the 11th of November. Apologies for the inconvenience and thank you for your patience. You can find out more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Dropbox APP Authorization Token Expires

Dropbox APP Authorization Token Expires

ABDUL Salam
Explorer | Level 3
Go to solution

Hello Forum Members,

I have a project where I receive public URLs of files, and I save these files to a specific folder structure in Dropbox In my Dropbox account only. I'm using https://www.dropbox.com/developers/documentation/http/documentation#files-save_url to achieve this using the Dropbox API. Currently, I am able to pass a URL to the API, and it saves/downloads the file and places it in the correct folder structure within Dropbox. But the issue is that my authorization token
"Authorization: Bearer <My Token HERE>"
that we need to pass in the request header expires after some time. I have generated it from the below section in app settings after creating my app 

ABDULSalam_0-1700444419045.png

Note: I am developing in PHP - LARAVEL Framework. I need this to be achieved for my Dropbox account only.

Any help or insights would be greatly appreciated. 

Thank you in advance for your assistance!

1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
Go to solution

OAuth flow is a way to authenticate user (one or more) grant for particular application to access corresponding account(s). There is no any limitation in users count (if we ignore some possible provider specific limitations, but it's not protocol related). As I said for long term access, you need refresh token and the only way to get to such token is OAuth usage - Dropbox doesn't provide alternative by now - doesn't matter who is the user or how many are they.

When you will use only your own account, you don't need to implement the complete OAuth flow inside your application, but you need refresh part at least - it's mandatory. The actual authentication (the initial steps) can be performed once, by hands, outside the application and once you have the refresh token continue using it inside the application. For an example how you can perform the initial steps outside application and how you can perform refresh inside the application (you should implement the last step in PHP), take a look here.

Hope this sheds some more light.

View solution in original post

4 Replies 4

Здравко
Legendary | Level 20
Go to solution

Hi @ABDUL Salam,

Long lived access token are deprecated long time ago already. Currently, generation of new such token is completely dropped - all new access token are short lived (If you have still some old you can kepp using it, not new).

For long term access and new token, you need refresh token received using OAuth flow with set offline access. May be you will want to implement refreshing in your PHP to use it continuously.

Hope this gives direction.

ABDUL Salam
Explorer | Level 3
Go to solution

Hi @Здравко Thanks for responding to the query but I have a question should I be implementing OAuth flow for an app that needs to access my account only? As far as I am concerned or maybe I am wrong OAuth flow is implemented when my app needs to access multiple user accounts.
Thanks.

PREVIEW
 
 
 

Здравко
Legendary | Level 20
Go to solution

OAuth flow is a way to authenticate user (one or more) grant for particular application to access corresponding account(s). There is no any limitation in users count (if we ignore some possible provider specific limitations, but it's not protocol related). As I said for long term access, you need refresh token and the only way to get to such token is OAuth usage - Dropbox doesn't provide alternative by now - doesn't matter who is the user or how many are they.

When you will use only your own account, you don't need to implement the complete OAuth flow inside your application, but you need refresh part at least - it's mandatory. The actual authentication (the initial steps) can be performed once, by hands, outside the application and once you have the refresh token continue using it inside the application. For an example how you can perform the initial steps outside application and how you can perform refresh inside the application (you should implement the last step in PHP), take a look here.

Hope this sheds some more light.

ABDUL Salam
Explorer | Level 3
Go to solution

Thanks @Здравко That makes sense. Appreciate your detailed explaination.

Need more support?