We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

1575475's avatar
1575475
Explorer | Level 3
3 years ago

Error when adding team members to an initally created team folder via http endpoint

I'm making REST calls to the DBX HTTP endpoint from within SAP. My app has full dbx access and all possible rights. Creating a team folder works flawlessly but when trying to add members to that fol...
API
  • Greg-DB's avatar
    Greg-DB
    3 years ago

    1575475 Apologies for the lack of clarity here. For team folders in particular, you need to add members via groups; you can't add them individually. I'll ask the team to see if we can clarify this in the documentation and error response.

     

    For example, you would set the "members" parameter like:

    "members":[{"member":{".tag":"dropbox_id","dropbox_id":"GROUPIDHERE"}}]

     You can get group IDs from /2/team/groups/list, etc.

Greg-DB's avatar
Greg-DB
Icon for Dropbox Staff rankDropbox Staff
3 years ago

1575475 To confirm, I concur with that Здравко has helpfully shared here. The sharing/add_folder_member endpoint requires that an access token is sent as a "Bearer" token in the "Authorization" header, but it looks like your app is prompting for and sending a username and password as "Basic" authorization instead, which is incorrect. I can't offer support for your software/platform itself, so you'll need to troubleshoot it to see why it is attempting "Basic" authorization instead of "Bearer" authorization.

  • 1575475's avatar
    1575475
    Explorer | Level 3
    3 years ago

    Hi Sdrawko, hi Greg,

     

    @Sdrawko:
    If you read my post carefully, I never meant that you're Russian 🙂 I just learned the cyrillic alphabet as side effect when learning Russian at school.
    And, I know that some baltic countries (and maybe others) also use the cyrillic alphabet. But even in such country you have a chance to communicate using Russian. 
    Anyway I've to sincerely apologize for the confusion.

     

    Back to business:
    I'm using HTTP endpoints only (using REST calls) so no "real" SDK will apply.
    The programming language I use is called "ABAP Objects", which is SAP only.

     

    Example:
    Endpoint https://api.dropboxapi.com/2/sharing/add_folder_member

    In order to add a user to that folder I have to use the "Dropbox-API-Select-Admin: <TEAM_MEMBER_ID>" header parameter as stated here:
    https://www.dropbox.com/developers/documentation/http/documentation#sharing-add_folder_member

    curl example using the admin authorization is here:
    https://www.dropbox.com/developers/reference/auth-types#admin-authentication

    curl -X POST "https://api.dropboxapi.com/2/users/get_current_account" \
    --header "Authorization: Bearer <OAUTH2_ACCESS_TOKEN>" \
    --header "Dropbox-API-Select-Admin: <TEAM_MEMBER_ID>"

     

    I'm performing the following steps:
    - create REST API class instance
    - open http connection
    - fetch new oauth2 token using my secret refresh token (refresh token was generated when authorizing the app the first time) and set header field
    ->http header field = "Authorization: Bearer <oauth2 token>"
    - create header field for admin authorization
    ->http header field = "Dropbox-API-Select-Admin: dbmid<my team member id>"
    - create "request" class instance
    - set "Content-Type" to "application/json" via request class (this actually generates the corresponding "Content-Type" header parameter)
    - build json string with info about new user, team folder etc.
    - set json as request data
    - make POST request
    - create "response" class instance
    - get server response & status
    - evaluate response & status
    - close http connection

     

    All these steps work flawlessly making REST calls to other endpoints (without admin auth.).
    Unfortunately there seems to be no useful example in the documentation making use of the "Dropbox-API-Select-Admin" parameter.
    At least I wasn't able to find one.

     

    So, please understand: I cannot see any reason why I'm getting this popup, since I DO send a Bearer token.
    Here's the ABAP-Objects code with some comments:
    ...
    IF lo_rest_client IS BOUND. "check if class instance has been created
    "lo_auth is an instance of a class which handles oauth2 tokens
    lo_auth->get_bearer_auth_name_value( IMPORTING es_bearer_auth = ls_auth_bearer ). "fetch new oauth2 token (or use last token if not expired)
    IF ls_auth_bearer IS NOT INITIAL.
    lo_rest_client->set_request_header( iv_name = ls_auth_bearer-name "Authorization
                                                                 iv_value = ls_auth_bearer-value ). "Bearer <oauth2 token>
    lo_rest_client->set_request_header( iv_name = /karon/cl_dropbox_co=>mc_dbx_par_api_select_admin "Dropbox-API-Select-Admin
                                                                 iv_value = lv_dbx_team_admin ). "dbmid:<team member id>
    lo_rest_client->set_request_header( iv_name = /karon/cl_dropbox_co=>mc_url_par_request_uri "~request_uri
                                                                 iv_value = `/2/sharing/share_folder` ).
    lo_request_entity = lo_rest_client->create_request_entity( ).
    lo_request_entity->set_content_type( iv_media_type = /karon/cl_dropbox_co=>mc_content_json ). "application/json
    lo_request_entity->set_string_data( iv_data = lv_json ). "json string with parameters
    lo_rest_client->post( io_entity = lo_request_entity ).
    ...

    The only reason why I'm sending a Basic token is as response of the authorization popup I'm constantly getting.
    IMHO the question is not why I'm getting an error (which is pretty much clear), but why this popup appears.

    REST calls to endpoints which require the "Dropbox-API-Select-User" parameter also work without a hitch.

     

    Best regards,
    Jan

     

    • Здравко's avatar
      Здравко
      Legendary | Level 20
      3 years ago
      1575475 wrote:

      ...
      IMHO the question is not why I'm getting an error (which is pretty much clear), but why this popup appears.

      ...

      Exactly, that's why you have to redirect your question to platform provider or read the documentation.

      As a good troubleshooting step if possible, dump and evaluate raw communication between your client application and server. There might be a useful communication details you may ignored. You can compare the dump to expected format in API explorer (push "Show Code" and select "HTTP request"). You have to add "Dropbox-API-Select-Admin" header as a extra header (through "Show Headers"). I believe such info can be useful for your platform provider too, to figure out what's wrong with your HTTP request.

      Good luck.

    • Greg-DB's avatar
      Greg-DB
      Icon for Dropbox Staff rankDropbox Staff
      3 years ago

      1575475 It looks like you have the right idea. And for reference, here's a curl example of calling /2/sharing/share_folder with the 'Dropbox-Api-Select-Admin' header specified: (built using the API v2 Explorer)

      curl -X POST https://api.dropboxapi.com/2/sharing/share_folder \
  --header 'Authorization: Bearer <ACCESS_TOKEN>' \
  --header 'Content-Type: application/json' \
  --header 'Dropbox-Api-Select-Admin: <TEAM_MEMBER_ID>' \
  --data '{"path":"<PATH>"}'

      That works for me, when I plug in valid values.

      The popup is presented by your platform though, so I can't offer insight on why that is being shown. As Здравко suggested, you'll want to enable more verbose output if possible to see what exactly the code is/isn't setting properly, and refer to your platform's support/documentation for information on controlling that.

      If the issue is only occurring when you attempt to set the "Dropbox-API-Select-Admin" header, you may also want to try debugging that in particular, e.g., make sure that the header name and value are formed properly and don't contain any stray characters/whitespace, etc. Perhaps something like that is malforming the header values you're attempting to set and then causing your platform to default to prompting for basic credentials, or something to that effect.

      • 1575475's avatar
        1575475
        Explorer | Level 3
        3 years ago

        Hi Greg, hi Sdrawko,

        many thanks for your most valuable help. Indeed, the source of the popup was our SAP system and I was able to rectify the problem.

        So, please excuse my ignorance by thinking that had been a DBX issue 🙂

        But - as the API call seems to work in principle - I'm getting another error:

        {"error_summary": "no_permission/
        ", "error": {"
        tag": "no_permission"}, "user_message": {"locale": "de", "text": "Sie sind nicht berechtigt, diese Aktion durchzuf\u00fchren
        "}}

        Translation: Sie sind nicht berechtigt, diese Aktion durchzuf\u00fchren -> You're not authorized to perform this action

        I've no clue why I'm getting this error. I'm admin and also have reauthorized my app after updating the app permissions. (BTW this wasn't mentioned in the documention, but I've found a thread in this forum regarding that issue.)

        Also, since I've created this folder via REST call "/2/team/team_folder/create"

        I should be owner of the folder and have all the rights. And, again, my app has all permission checkboxes ticked.

        How should I proceed?

         

        Thank you and best regards,

        Jan

         

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 9 hours ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!