You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Mobile Application(IOS and Android)
Hi there, currently i am working on mobile application for an organization whose requirement are as follow 1. All employees have installed company app on their smart phone i-e android and ios. With...
The issue is that client-side applications can't keep secrets, meaning that any access token stored in a distributed app, or even just sent to the app at any time, could be extracted. That means that a malicious user could get the access token, and use it to access the Dropbox API directly, bypassing any access controls your app attempted to enforce. (E.g., they could download files.)
However, if you have your own server and are willing to use that as an intermediary, you do have more options. You could have the app call to your server, and have your server call the Dropbox API. That way, you can protect your access token on the server.
In that case, you can either:
a) have the mobile apps upload to your server, and then have the server upload to Dropbox (e.g., to /2/files/upload).
b) have the mobile apps call your server, have the server call /2/files/get_temporary_upload_link, and return the resulting upload link to the app. The app could then upload directly to Dropbox using the link. (Note that /2/files/get_temporary_upload_link is still in preview though.)
Thanks for your time, Actually i was busy these days that why i am writing late to you. I have noticed the main point here, i have found your answer very helpful i will discuss these points with the organization i am working and get back to you, for now i am marking your answer as "Best Answer". Once again Thanks for your time
Greg-DB
Dropbox Staff
Dropbox StaffThe issue is that client-side applications can't keep secrets, meaning that any access token stored in a distributed app, or even just sent to the app at any time, could be extracted. That means that a malicious user could get the access token, and use it to access the Dropbox API directly, bypassing any access controls your app attempted to enforce. (E.g., they could download files.)
However, if you have your own server and are willing to use that as an intermediary, you do have more options. You could have the app call to your server, and have your server call the Dropbox API. That way, you can protect your access token on the server.
In that case, you can either:
a) have the mobile apps upload to your server, and then have the server upload to Dropbox (e.g., to /2/files/upload).
b) have the mobile apps call your server, have the server call /2/files/get_temporary_upload_link, and return the resulting upload link to the app. The app could then upload directly to Dropbox using the link. (Note that /2/files/get_temporary_upload_link is still in preview though.)
Thanks for your time, Actually i was busy these days that why i am writing late to you. I have noticed the main point here, i have found your answer very helpful i will discuss these points with the organization i am working and get back to you, for now i am marking your answer as "Best Answer". Once again Thanks for your time
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
