Forum Discussion

Explorer | Level 4

10 months ago

Integrating Dropbox API into file sharing application

Hi, people!

I'm currently working on a chat app that relies on the sharing of heavy files. So I decided to try to use the Dropbox API to deal with the file management.

The scenario is: every user should be able to send attached files from their computers in messages, but they are actually sending the files to my Dropbox account and the message only contains a public link to the file inside my Dropbox app folder.

I've created the app in the Dropbox developer pages, setted everything up and even got everything working as expected using those manually generated access tokens (that expires after some time).

But since the users should be able to upload their local files straight to Dropbox (without uploading anything to my server), I'm using the Javascript SDK to handle this and the tokens end up being exposed in the source code of the web app.

My question is: given that the users also shouldn't have to authenticate to thei Dropbox account, is there a safe way, an authorization flow, to accomplish the described above?

Thanks in advance for any help!

API

Здравко
10 months ago
Hi diegostefano,
In the described situation you have 2 possible scenarios. Usage of temporary upload link or make you server behave like a proxy.
You can use /2/files/get_temporary_upload_link to generate upload link (server side) on demand and use the same link client side to make the actual upload. This way is lighter since nothing more than the link generation is performed server side and most of the traffic is between client side and Dropbox server. Drawback is the nature of the link - once it stops cannot be used to continue broken connection for instance. Such a way is usable for stable client side connection if you can rely on.
Other way is upload the file to your server at once or in pieces (without saving them locally) where the data are forwarded directly to Dropbox using upload session. There are different possible configuration of such session. Select what best matches your use case. In such a situation you have better control on the upload process and can control it at any one moment and step, but your server load becomes higher.
In both cases no any authentication information unrelated to particular user is exposed to client side. All authentications of the account are performed server side. Choose what better suits your needs.
Hope this helps.

Здравко
Legendary | Level 20
10 months ago
Hi diegostefano,
In the described situation you have 2 possible scenarios. Usage of temporary upload link or make you server behave like a proxy.
You can use /2/files/get_temporary_upload_link to generate upload link (server side) on demand and use the same link client side to make the actual upload. This way is lighter since nothing more than the link generation is performed server side and most of the traffic is between client side and Dropbox server. Drawback is the nature of the link - once it stops cannot be used to continue broken connection for instance. Such a way is usable for stable client side connection if you can rely on.
Other way is upload the file to your server at once or in pieces (without saving them locally) where the data are forwarded directly to Dropbox using upload session. There are different possible configuration of such session. Select what best matches your use case. In such a situation you have better control on the upload process and can control it at any one moment and step, but your server load becomes higher.
In both cases no any authentication information unrelated to particular user is exposed to client side. All authentications of the account are performed server side. Choose what better suits your needs.
Hope this helps.
- diegostefano
  Explorer | Level 4
  10 months ago
  @Здравко, thanks a lot, man! The temporary link thing worked almost perfectly except for one detail: I am not able to upload large files (600MB, for example).
  
  When I make the POST request to the generated temporary link to upload small files, everything works fine, but for larger files it does not. It goes all the way with the upload, but in the end it fails.
  
  I looked into the upload session stuff, but I face the exposed token problem again.
  
  Do you know any workaroud for this?
  - Здравко
    Legendary | Level 20
    10 months ago
    diegostefano wrote:
    ...
    I looked into the upload session stuff, but I face the exposed token problem again.
    ...
    The only way to avoid token exposing is, as I said, use your server as a proxy in such case (not only for link or something else generation). In such a way file size limit is hundreds of GBs and you don't need to expose any Dropbox token to the user. I don't know other way. 🤷

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,876 PostsLatest Activity: 7 hours ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Integrating Dropbox API into file sharing application

About Dropbox API Support & Feedback

Related Content

Dropbox application not working when I click my icon on the task bar.

Can't find Dropbox in the applications folder

Not applicable

Software Engineer Intern (Summer 2025) - Application Form Issues

installed Dropbox application cannot be shown

Recent Discussions

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG

Invalid Folder Name with Team API

Zapier - 409 error path/not found