Child Item

Write-only access token

Mike2020

I'm trying to create a web interface for users to upload files directly to a folder in my dropbox, rather than their own. I was planning on hard-coding a token that only has write permission into the web app and using the upload endpoints on the API, but the available scopes aren't what I expected. I don't seem to be able to create a separate user with write-only permission to a folder either. File requests aren't ideal for my use case unless I'm missing a way to respond to them using the API, but that's the type of access I'm looking for.

Is there a way to do this?

Find more posts tagged with

API

Abuse

Comments

Greg-DB

[ Cross-linking for reference: https://stackoverflow.com/questions/61468956/dropbox-write-only-access-token ]

No, unfortunately the Dropbox API doesn't offer a write-only permission or a way to programmatically upload to file requests, but I'll pass these along as feature requests. I can't promise if or when they might be implemented though.

One thing you might want to use though is the /2/files/get_temporary_upload_link endpoint. If you can run code on your server, you could make that call there where you can protect your access token, and then pass down the resulting link to the user's browser to have it perform the upload using that there, without the access token.

Simons CMAP

Thanks for the reply and suggestion! I considered this solution but need to allow uploads larger than 150MB.

Greg-DB

Understood, thanks. I'll pass this along as a feature request for a version of that that would support larger files, but I can't promise if or when that might be implemented of course.

Greg-DB

I just wanted to follow up on this to let you know that we've released "scopes" functionality on the Dropbox API, which you can use to configure an app or access token to only a limited set of functionality, such as the ability to write but not read files.

You can find more information about the release in our blog post here:

https://dropbox.tech/developers/now-available--scoped-apps-and-enhanced-permissions