You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Simone11
6 years agoExplorer | Level 4
Dropbox for Business API Access token login process.
Hi There.
I have an iOS apllication written in Objective-C. I have successfully integrated Dropbox API in my app and I can upload and download data from dropox even using the Access Token for it.
Short code sample to dowload data as per the document as follows:
[[client.filesRoutes listFolder:dbPathToIpad] setResponseBlock:^(DBFILESListFolderResult *response, DBFILESListFolderError *routeError, DBRequestError *networkError) { NSLog(@"response__:%@",response); if (response) {...... }
Now, I have shifted my account to dropbox for business and have few team members in my team. Can I get the process to access folders in each team members account using Access Token of Dropbox for Business API. I am the admin of the account and I have generated Access Token for Dropbox For Business and given permission to access team files.
The idea here is to bypass Auth login using Access Token generated. And the app is destributed to my team members. they should somehow access ther own account using this Access token I genrated and the specific folder structure in their account. Please let me know how is this possible since this is a requirement from my Client.
There is nothing much given to access files using Dropbox for Business API in this link: https://github.com/dropbox/dropbox-sdk-obj-c
Also, if I use this Business Access token I have created in current code of mine i get error response from dropbox as :
DropboxBadInputError[{ ErrorContent = "Error in call to API function \"files/list_folder\": This API function operates on a single Dropbox account, but the OAuth 2 access token you provided is for an entire Dropbox Business team. Since your API app key has team member file access permissions, you can operate on a team member's Dropbox by providing the \"Dropbox-API-Select-User\" HTTP header or \"select_user\" URL parameter to specify the exact user <https://www.dropbox.com/developers/documentation/http/teams>."; RequestId = 2cad3ee7906d1fed388f2146c456116d; StatusCode = 400; UserMessage = nil; }];
Please provide me with link or any reference on how to handle this.
If you have a Dropbox Business API access token for an app with the "team member file access" permission and want to programmatically access a specific member's account using the Dropbox Objective-C SDK, you should use the DBTeamClient userClientWithMemberId: method. That will give you a DBUserClient you can use to access the user methods, such as listFolder. (It sets the "Dropbox-API-Select-User" header mentioned in the error message you shared.)
That would look like this:
DBTeamClient *teamClient = [[DBTeamClient alloc] initWithAccessToken:ACCESS_TOKEN]; DBUserClient *userClient = [teamClient userClientWithMemberId:memberID]; [[userClient.filesRoutes listFolder:path] setResponseBlock...
The member ID would be the team member ID (which starts with "dbmid:"). You can get those from membersList/membersListContinue, for instance.
Also, note that client-side applications, such as on iOS, can't keep secrets, such as access tokens, from a malicious user. For that reason, we don't recommend sharing/hard-coding access tokens in client-side applications. For example, in your described scenario, one team member could potentially extract the access token and use it to access another member's account.
- Greg-DBDropbox Staff
If you have a Dropbox Business API access token for an app with the "team member file access" permission and want to programmatically access a specific member's account using the Dropbox Objective-C SDK, you should use the DBTeamClient userClientWithMemberId: method. That will give you a DBUserClient you can use to access the user methods, such as listFolder. (It sets the "Dropbox-API-Select-User" header mentioned in the error message you shared.)
That would look like this:
DBTeamClient *teamClient = [[DBTeamClient alloc] initWithAccessToken:ACCESS_TOKEN]; DBUserClient *userClient = [teamClient userClientWithMemberId:memberID]; [[userClient.filesRoutes listFolder:path] setResponseBlock...
The member ID would be the team member ID (which starts with "dbmid:"). You can get those from membersList/membersListContinue, for instance.
Also, note that client-side applications, such as on iOS, can't keep secrets, such as access tokens, from a malicious user. For that reason, we don't recommend sharing/hard-coding access tokens in client-side applications. For example, in your described scenario, one team member could potentially extract the access token and use it to access another member's account.
- Sim_oneExplorer | Level 4
Thanks Greg-DB for your inputs.
I am not clear on getting memeberID though( how to get the member id to be precise?).
Also, 1 perticular memberID give access to account of that team member correct?
But my requirement is we distribute our iOS app as enterprise within the team of our organisation. Those people are the Dropbox Team members. So, once we give them the app they should be able to login to thier account without Auth using this dropbox for Business Access token. In that case they should know thier memberID's right to access it. Is there any other way members get their memberID other than how you specified above so that they can manually enter the memberID to access their account using access token? because I believe it is not feasible to give users option in the app to select memberID.
I hope you understand my case.
Any suggestion to go ahead for my this scenario??
- Greg-DBDropbox Staff
You can list all of the members of a team using membersList/membersListContinue. The result will contain each member's team member ID. You can also look up a specific member by email address or external ID using membersGetInfo.
A team member ID itself only identifies a particular member's account on a team. It doesn't itself give access to that member's account. You would need an access token to access an account. An access token for a "Dropbox Business API" app, such as you are using based on the output you shared previously, is for the entire Business team.
Using a Dropbox Business API access token for an app with the "team member file access" permission, you can specify the particular team member account you want to access in particular by specifying the team member ID as in the code in my previous comment. (This is the "member file access" feature documented here.)
End-users generally don't know, and don't have a way in the Dropbox UI, to access their own team member ID. This is something the Business API app should do for them (for instance, using the methods I described at the beginning of this message).
Anyway, since a Dropbox Business API access token enables access to the entire team, we don't recommend distributing it to every team member in client-side applications. It is generally meant to be used server-side, where it can be protected.
- Bharath_NadigExplorer | Level 4
Similar option is there for JAVA SDK ?
- Bharath_NadigExplorer | Level 4
Is there a similar option for java sdk?
- Greg-DBDropbox Staff
Bharath_Nadig Yes, the Dropbox Java SDK also has support for the "member file access" feature. You can use the DbxTeamClientV2.asMember or DbxTeamClientV2.asAdmin methods to get a DbxClientV2 with the 'Dropbox-API-Select-User' or 'Dropbox-API-Select-Admin' header set, respectively.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,910 PostsLatest Activity: 2 days agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!