Forum Discussion

Helpful | Level 5

5 years ago

Solved

How to store secret_id in Java desktop app

Hello, As I want to deploy the next version of my Java desktop app with the integration of the Dropbox API so that users can have access to their dropbox folder within the program. For this, I ...

API

Greg-DB
5 years ago
The app key, a.k.a. client ID, is public, and does not need to be hidden. The app secret a.k.a. client secret, should ideally be kept secret. (Leaking your app secret could let someone impersonate your app to an extent, though it wouldn't by itself enable access to any file data.)

Client-side apps fundamentally can't keep secrets. You can make it more difficult for someone to try to extract it, but you can't make it impossible. For this reason, client-side apps, such as a desktop app like you describe, ideally shouldn't contain the app secret at all. To process the OAuth app authorization flow without the app secret, client-side apps should use the "token" flow.

Greg-DB

Dropbox Staff

5 years ago

The app key, a.k.a. client ID, is public, and does not need to be hidden. The app secret a.k.a. client secret, should ideally be kept secret. (Leaking your app secret could let someone impersonate your app to an extent, though it wouldn't by itself enable access to any file data.)

Client-side apps fundamentally can't keep secrets. You can make it more difficult for someone to try to extract it, but you can't make it impossible. For this reason, client-side apps, such as a desktop app like you describe, ideally shouldn't contain the app secret at all. To process the OAuth app authorization flow without the app secret, client-side apps should use the "token" flow.

FJBDev

Helpful | Level 5

5 years ago

Thank you! I will use the implicit grant flow.

I apologize as I just realized that my question is a duplicate of this one. Feel free to delete mine if you need/want : https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Proper-way-of-handling-APP-KEY-and-APP-SECRET/m-p/410478

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.5,965 PostsLatest Activity: 3 hours ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

How to store secret_id in Java desktop app

About Dropbox API Support & Feedback

Related Content

Storing videos for a YT-like platform

Re: I use the desktop Dropbox app. Now I see the Windows Store app is installed but "hidden". Why?

Only one tab displaying in spreadsheets stored on Dropbox

Installation Dropbox Desktop sur Win10 sans passer par Windows Store

Dropbox Capture won't download on my Windows computer via the Microsoft Store

Recent Discussions

Slow playback when streaming with AVPlayer

Always receiving empty notification request

I need to get all folders and nested folders within a team

Regarding the folder identifiers that are the same across users who share the folder

StatusCode: 503, ReasonPhrase: 'Service Unavailable'