You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
rdyar
12 months agoHelpful | Level 5
Simple Node script not working with clientId /secret
I'm trying to do the worlds simplest node dropbox script but getting an error, clearly I am missing something.
I set up an App - and gave it all the read permissions.
Then I have this script which should list the contents of the root - which I assume would be the App folder name I setup:
```
import { Dropbox } from "dropbox";
import fetch from "node-fetch";
const clientId = "***";
const clientSecret = "***";
const config = {
fetch,
clientId,
clientSecret,
};
const dbx = new Dropbox(config);
dbx
.filesListFolder({ path: "" })
.then((response) => {
const entries = response.result.entries;
console.log("Contents of the root directory:");
entries.forEach((entry) => {
console.log(entry.name);
});
})
.catch((error) => {
console.error("Error listing contents:", error);
if (error.response) {
console.error("Error response:", error.response.data);
}
});
```
I have the correct id and secret entered when I run it, not ***
When I run it I get an error:
```
Error listing contents: DropboxResponseError: Response failed with a 409 code
at D:\Repos\locket-emailer\node_modules\dropbox\cjs\src\response.js:34:11
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
status: 409,
headers: {
'accept-encoding': 'identity,gzip',
'cache-control': 'no-cache',
connection: 'close',
'content-length': '126',
'content-security-policy': 'sandbox allow-forms allow-scripts',
'content-type': 'application/json',
date: 'Sat, 23 Dec 2023 03:34:45 GMT',
server: 'envoy',
'x-content-type-options': 'nosniff',
'x-dropbox-request-id': '266f5a0735ac4753a45ad1bb0214e9c5',
'x-dropbox-response-origin': 'far_remote'
},
error: {
error_summary: 'path/unsupported_content_type/..',
error: { '.tag': 'path', path: [Object] }
}
}
```
Shouldn't this work? I read in another thread that the app permissions don't allow access to anything but in another place I read I should be able to access the apps folder which makes more sense to me.
All I want to end up with is a script I will run on a local computer on a schedule to get some shareable links - for my own files which will be in the apps folder.
I was able to get this all to work as a script. So far it has worked great, running every 15 minutes for the last week. I only do the dropbox auth part if the thing I want to share has actually changed which happens several times per day during working hours.
In order get the refresh token chatGPT give me a script to run in powershell:
I pasted this in all at once:
$clientId = "yourAppIDHere"$clientSecret = "YourAppSecret"$authorizationCode = "ACCESSCodeFromPreviousStep"$base64Auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${clientId}:${clientSecret}"))$headers = @{ Authorization = "Basic $base64Auth"}$body = @{ code = $authorizationCode grant_type = "authorization_code"}$response = Invoke-RestMethod -Uri "https://api.dropbox.com/oauth2/token" -Method Post -Headers $headers -Body $body# Output the access token$response.refresh_tokenThat gave me refresh token that I can then use to get a current access token - so that is hard coded in the script.I then have a db auth function which uses that refresh token and returns a new access token:import fetch from "node-fetch";const clientId = "yourAppID";const clientSecret = "YourAppSecret";const refreshToken ="RefreshTokenFromPowershell";// Function to refresh the access tokenexport default async function refreshAccessToken() {method: "POST",headers: {"Content-Type": "application/x-www-form-urlencoded",Authorization: `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString("base64")}`,},body: `grant_type=refresh_token&refresh_token=${refreshToken}`,});const data = await response.json();console.log("data in refresh :>> ", data);if (data.access_token) {return data.access_token;} else {throw new Error("Failed to refresh access token");}}Then I use that access token like you normally would.import fetch from "node-fetch";const config = {fetch,accessToken,clientId,clientSecret,};const dbx = new Dropbox(config);const data = await dbx.filesListFolder({ path: "" });
- ЗдравкоLegendary | Level 20
- rdyarHelpful | Level 5
yes, first time trying to do anything with the dropbox api, and in general I am not the most skilled at this but can usually get the job done. I did look thru lots of example and have not seen anything like what I want to do (node script on schedule).
I can do what that code does with an access token, but that only works for a few hours thus why I tried to use the app id and secret.
All of the examples I have seen need to interact with someone via a browser or like that prompt to get a token - but this is just for a script that I want to run on my own files and it will run on a schedule so there won't be anyone around to fill in the prompt. It sounds like this used to be easy when the access codes were not short lived.
Can you tell me if the app id/secret can do this? I have seen other posts by you I think that said the app id/secret does not have access to any particular users DB but somewhere else I read that it should be able to do stuff with the apps folder.
I'll try to get the refresh token thing to work with an access token since I'm guessing I am misunderstanding the purpose of the app id/secret.
Thanks for the reply.
- ЗдравкоLegendary | Level 20
rdyar wrote:... since I'm guessing I am misunderstanding the purpose of the app id/secret.
...
Yes, for sure. As their name part (app - 'app' key/id and 'app' secret) suppose, it's not account related, but application related. To access particular account related thing (like listing some folder in Dropbox account, even when the account is yours) you need to authenticate the account, not application (even when the application is your property). Otherwise you don't have access to there.
rdyar wrote:...
I can do what that code does with an access token, but that only works for a few hours thus why I tried to use the app id and secret.
...
Yes, access token is short lived and works for limited time span (4 hours or so). As explained above already, app related authentication cannot replace account related! For long term access you need refresh token that doesn't expire automatic and can be reused. The common (border) thing between application authentication and account authentication is OAuth flow. To get refresh token, you need to perform offline access type OAuth flow.
Hope this sheds additional light.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,888 PostsLatest Activity: 2 days agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!