nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

Auth Code validity and rate limit.

tsumit g.

Hi Team,

I have 2 questions.

1. What is the auth code time limit or validity like 2min or mins. can anyone tell.

2. What is the rate limit of API. (API limits). I am using API for mainy user creation/updation/deletion operations.

Thanks.

Find more posts tagged with

API

Abuse

Comments

Greg-DB

1. The authorization code expiration window isn't documented, as the code is meant to be used immediately after the app authorization. (I believe it is a few minutes though.)

2. The Dropbox API does have a rate limiting system, but we don't have any specific numbers documented. It is only designed to prevent abuse though, and is accordingly very generous. Further, the limits operate on a per-user basis. That being the case, you generally don't need to worry about hitting it in normal use. Also note that not all 429s and 503s indicate rate limiting, but in any case that you get a 429 or 503 the best practice is to retry the request, respecting the Retry-After header if given in the response, or using an exponential back-off, if not.

tsumit g.

Greg, thanks for the reply. I just want to ask one more question. We're using the V2 Business endpoints. Do the rate limits still apply per user or it's at an app-level?

We're trying to provision the our organization's users to Dropbox, but we don't have numbers on how many calls per day. But if you could provide us a number or as to what constitutes "normal use", it would be very helpful. Of course, we'd still respect the Retry-After header

Greg-DB

When using the Business API, the rate limiting for the team endpoints are similarly per-team, not per app. For the user endpoints, it is per-team member. We don't have any specific numbers available though.