Child Item

Correct Auth Method for My App?

I work at a screen printing company, and we are building a design library app to display our designs to users. The images of the designs are stored in our Dropbox account. I have already set up my Dropbox app from the App Console and have successfully retrieved some image links using the API. However, the next day, the same requests returned an expired access token error.

I am aware that Dropbox is transitioning/has transitioned to using short-lived access tokens instead of the long-lived ones. I have found support threads discussing this, but they all direct to the OAuth guide, which seems geared toward apps that use the API to allow other users to interact with their own Dropbox accounts.

Because the app we're building ONLY needs access to our own account, I'm unsure of the correct way to handle auth. It seems like permanent access tokens aren't available anymore, but since a user visiting our design library will not have our credentials, sending them to a sign-in screen for OAuth won't work either. What is the correct way to handle auth for this app?

Thanks for your time.

Find more posts tagged with

API

Abuse

Comments

DB-Des

Hi there,

Apps can get long-term access by requesting "offline" access, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire automatically and can be used repeatedly. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

Hope this helps!

Greg-DB

It's also worth noting that whether or not the app is only for use with your own account, using the OAuth app authorization flow is the right way to get long-term access, by retrieving a refresh token. If it's only for your own account, you would just need to process that once yourself.