Child Item

API Call using Integromat returns error

Hey there,

I want to create an automated API Call to our company's Dropbox that creates a folder with only select user groups having access. To do that I am using the Dropbox "Make an API Call"-module in Integromat and "/share_folder". I have tested it both with a path that is an existing folder and with one that would create a new folder but every time I run the operation I get the error "The operation failed with an error. [401] missing_scope/".

I am an absolute beginner with this stuff but after doing some reading on this forum I suspect that the connection to Dropbox is read-only. Especially since API Calls like get_metadata or list_folders work just fine. What I am wondering is: How do I find out what kinds of permissions an app that is authorized within Dropbox has (Integromat in this case)? Should I ditch the pre-made module and just make the call using the generic HTTP modules?

Here is the full input I am giving the module:

URL: /2/sharing/share_folder (relative to https://api.dropboxapi.com)

Body: {

"path": "/not a machine cloud/projekte/2021/21012 - casefilm google barklaycard - acht - jm/test", "acl_update_policy": "editors",

"force_async": false,

"member_policy": "team",

"shared_link_policy": "members",

"access_inheritance": "inherit"

}

Dropbox API Endpoint: api

Method: POST

Headers:

Key: Content-Type

Value: application/json

Disable Dropbox API Path Root: false

Thanks a lot in advance!

Cheers,

Leon

Find more posts tagged with

API

Abuse

Comments

Здравко

@Leon_NAM wrote:
... I am using the Dropbox "Make an API Call"-module in Integromat and "/share_folder". I have tested it both with a path that is an existing folder and with one that would create a new folder but every time I run the operation I get the error "The operation failed with an error. [401] missing_scope/".
...

Hi @Leon_NAM,

Your call (the 2/sharing/share_folder call) requires "sharing.write" scope enabled to your application. Have you enabled it? 🧐

@Leon_NAM wrote:
.... Especially since API Calls like get_metadata or list_folders work just fine. What I am wondering is: How do I find out what kinds of permissions an app that is authorized within Dropbox has (Integromat in this case)? ...

Call 2/files/get_metadata required scope is "files.metadata.read". Call 2/sharing/list_folders required scope is "sharing.read". All points you're mentioning have different scopes. You can see those scopes in the documentation (follow the links). According to the described by you, your application has "files.metadata.read" and "sharing.read" scopes, but missing the "sharing.write" one (and probably others too)! Check all your calls required scopes and make sure they are on for the application. 😉

Hope this helps.

Leon_NAM

Hey there,

thanks for the detailed reply! Now I definetely understand why it's throwing an error. I am not making the app however it is a web-based integration software (https://www.integromat.com/) so it looks like the problem is that their app doesn't request "enough" access when you connect it to Dropbox.

UPDATE: I made some progress. The problem here is that integromat doesn't ask for the extended permissions until it needs them for one of the Dropbox preset modules they offer. As soon as you try to use one of them (e.g. Create Folder) it allows you to update the permissions of the app. It's a bit cumbersome but it might have worked (now I am getting a 409 instead of a 401 error which is probably due to missing permissions my account has)

Здравко

@Leon_NAM wrote:
... now I am getting a 409 instead of a 401 error which is probably due to missing permissions my account has)

HTTP status code isn't enough for reason conclusion. Pay attention on error text (as you did within OP)! There you can see the exact error text and probably precise error description (or direction to, at least).

Greg-DB

That's correct, a "missing_scope" error indicates that the access token being used isn't authorized with the particular scope needed to access that endpoint, and so the call is not allowed. You'd instead need to get an access token with that scope authorized.

A 409 error would indicate a different kind of endpoint-specific error. You should check the response body for more specific error information.

Leon_NAM

Hey,

thanks for the replies. You are both right of course. Just saying "there is a [409] no_permission/.. error" is hardly enough information to go on. Sadly integromat does not supply any further information on the error...

My input is the same as last time:

URL

/2/sharing/share_folder

Body

{ "path": "/not a machine cloud/projekte/2021/21012 - casefilm google barklaycard - acht - jm/test", "acl_update_policy": "editors", "force_async": false, "member_policy": "team", "shared_link_policy": "members", "access_inheritance": "no_inherit" }

Dropbox API Endpoint

api

Method

POST

Headers

Key

Content-Type

Value

application/json

Disable Dropbox API Path Root

false

Any idea where I could start looking to get to the bottom of this?

Здравко

@Leon_NAM wrote:
.... Just saying "there is a [409] no_permission/.. error" ...

Hi @Leon_NAM,

Yes, sometimes the error message isn't too verbose. 🤷 It's clear though that some permissions are missing. Do you able to share the same folder, using web interface, in context of the same account? 🤔 Are you (as account) the folder owner? Do you have rights to do that? Is some other shared folder within the one you are trying to share or does 'test' folder reside within a shared folder?

Leon_NAM

Hey @Здравко ,

thanks for the hint. I was using the /share_folder call on a folder that was created by another team member and in it the call was supposed to create a folder called 'test'. I wanted to take this out of the equation for now as it might be fixed if I give the Integromat app more permissions in the dropbox but I can't access those preferences right now.

So what I did to test the actual API call is I went into the root folder (a folder I most definetely own) and executed the program. I do get a new error here (which I would say is a success!) and it reads: "[400] Error in call to API function "sharing/share_folder": request body: could not decode input as JSON". Did I do something wrong in the body of the call?

Here's my input:

URL

/2/sharing/share_folder

Body

{ "path": "/not a machine cloud/test", "acl_update_policy": "editors", "force_async": false, "member_policy": "team", "shared_link_policy": "members", "access_inheritance": "no_inherit"}

Dropbox API Endpoint

api

Method

POST

Headers:

Key

Content-Type

Value

application/json

--
Disable Dropbox API Path Root

false

Thanks for all your help!

Greg-DB

A "request body: could not decode input as JSON" should indicate that the request body the app is sending is not valid JSON, and so could not be parsed by the Dropbox API server as the parameters for the call. The body you showed here appears to be valid JSON though, and I can't reproduce the issue using it; can you double check that that's the exact value your client is sending? It may help to enable verbose output showing the actual raw HTTP request you're sending, if possible.

Leon_NAM

Hey @Greg-DB thanks for your response! I have decided to ditch the premade module and go for the regular "HTTP - Make an OAuth 2.0 request" module to try to make this call. This one actually gives me the same error but a lot more information on the input and output so here it goes (in place of <OAuth Code> I have put my token from the app console) :

Input:

[
    {
        "ca": null,
        "qs": [],
        "url": "https://api.dropboxapi.com/2/sharing/share_folder",
        "data": "{    \"path\": \"/not a machine cloud/test\",    \"acl_update_policy\": \"editors\",    \"force_async\": false,    \"member_policy\": \"team\",    \"shared_link_policy\": \"members\",    \"access_inheritance\": \"no_inherit\"}",
        "gzip": true,
        "method": "post",
        "headers": [
            {
                "name": "Authorization",
                "value": "Bearer <OAuth Code>"
            }
        ],
        "timeout": null,
        "useMtls": false,
        "bodyType": "raw",
        "contentType": "application/json",
        "serializeUrl": false,
        "shareCookies": false,
        "parseResponse": false,
        "followRedirect": true,
        "useQuerystring": false,
        "followAllRedirects": false,
        "rejectUnauthorized": true
    }

Output:

[
    {
        "statusCode": 400,
        "headers": [
            {
                "name": "cache-control",
                "value": "no-cache"
            },
            {
                "name": "content-security-policy",
                "value": "sandbox allow-forms allow-scripts"
            },
            {
                "name": "x-content-type-options",
                "value": "nosniff"
            },
            {
                "name": "content-type",
                "value": "text/plain; charset=utf-8"
            },
            {
                "name": "accept-encoding",
                "value": "identity,gzip"
            },
            {
                "name": "date",
                "value": "Thu, 16 Dec 2021 12:48:46 GMT"
            },
            {
                "name": "server",
                "value": "envoy"
            },
            {
                "name": "content-length",
                "value": "98"
            },
            {
                "name": "x-dropbox-response-origin",
                "value": "far_remote"
            },
            {
                "name": "x-dropbox-request-id",
                "value": "66fdbaa00e7f4eccbc5f1d3d78199118"
            },
            {
                "name": "connection",
                "value": "close"
            }
        ],
        "cookieHeaders": [],
        "data": "Error in call to API function \"sharing/share_folder\": request body: could not decode input as JSON",
        "fileSize": 98
    }
]

Здравко

@Leon_NAM wrote:
...
Input:
...
        "gzip": true,
...
...

Hi @Leon_NAM,

You are using gzip encoding in your request. Dropbox API uses flat requests parameters (including passed as body) and any type of encoding can confuse it. Do you able forbid the encodings for all Dropbox API requests? 🧐

Let's see if this can help.

Leon_NAM

Hey @Здравко,

I tried that but it returns the same error.

Input:

[
    {
        "ca": null,
        "qs": [],
        "url": "https://api.dropboxapi.com/2/sharing/share_folder",
        "data": "{    \"path\": \"/not a machine cloud/test\",    \"acl_update_policy\": \"editors\",    \"force_async\": false,    \"member_policy\": \"team\",    \"shared_link_policy\": \"members\",    \"access_inheritance\": \"no_inherit\"}",
        "gzip": false,
        "method": "post",
        "headers": [
            {
                "name": "Authorization",
                "value": "Bearer <OAuth 2.0 Token>"
            }
        ],
        "timeout": null,
        "useMtls": false,
        "bodyType": "raw",
        "contentType": "application/json",
        "serializeUrl": false,
        "shareCookies": false,
        "parseResponse": false,
        "followRedirect": true,
        "useQuerystring": false,
        "followAllRedirects": false,
        "rejectUnauthorized": true
    }
]

Output:

[
    {
        "statusCode": 400,
        "headers": [
            {
                "name": "cache-control",
                "value": "no-cache"
            },
            {
                "name": "content-security-policy",
                "value": "sandbox allow-forms allow-scripts"
            },
            {
                "name": "x-content-type-options",
                "value": "nosniff"
            },
            {
                "name": "content-type",
                "value": "text/plain; charset=utf-8"
            },
            {
                "name": "accept-encoding",
                "value": "identity,gzip"
            },
            {
                "name": "date",
                "value": "Thu, 16 Dec 2021 14:25:52 GMT"
            },
            {
                "name": "server",
                "value": "envoy"
            },
            {
                "name": "content-length",
                "value": "98"
            },
            {
                "name": "x-dropbox-response-origin",
                "value": "far_remote"
            },
            {
                "name": "x-dropbox-request-id",
                "value": "315f864799fa46c7a4c30fab485af071"
            },
            {
                "name": "connection",
                "value": "close"
            }
        ],
        "cookieHeaders": [],
        "data": "Error in call to API function \"sharing/share_folder\": request body: could not decode input as JSON",
        "fileSize": 98
    }
]

Здравко

Hmm... In such a case, since you can not post the flat HTTP request as @Greg-DB asked for, I can't say something more.

Anyway... Here are "x-dropbox-request-id" values and let's hope @Greg-DB will be able trace what's there.

Good luck, @Leon_NAM.

Greg-DB

Unfortunately I don't have more specific error information add here beyond the message that the parsing failed. The data shown here does appear to be valid JSON, but it's unclear if/how this may be being transformed when being set in the actual HTTPS request being sent. When I try this value myself with this endpoint just using curl I do not get this error, so it does some it's getting malformed by the client somehow. The best way to debug this would be to print out the actual request being sent.

I presume the \ characters are just to escape the quotes and are not being sent to the API, but that may be good to verify. Likewise, the extra whitespace shouldn't matter, but it may be useful to remove it to eliminate that as a potential issue.

Leon_NAM

Hey @Greg-DB and @Здравко,

you're right it's all a bit pointless when we don't know what the flat HTTPS request is exactly. I suspect there's something weird happening on Integromat's side of things as well. I have reached out to their support and am awaiting response. I will post here once they tell me what they think the issue is. Until then: Thanks and have a good one!