Forum Discussion

KostyaVasilyev's avatar
KostyaVasilyev
New member | Level 2
2 years ago
Solved

DropBox API - token is short lived, why?

I'm trying to set up access to DropBox for some "enterprisey" tasks (we have a shared DropBox workspace where I work).

 

I've registered an OAuth2 app and went through https://www.dropbox.com/oauth2/authorize to get an authorization code and then used POST to https://api.dropbox.com/oauth2/token to exchange the code for a token.

 

Question:

 

The access token starts with "sl." which as I understand means is a short-lived token. There is an "expires_in: 14400" stanza which is 4 hours.

 

How can I get a non-expiring, permanent token?

 

My app is in "Development" status - is that why? I was not planning to apply for Production status because the "app's" only purpose is to get an access token, but if that's why, then I will have to.

 

Any recommendations?

 

Developers
  • Greg-DB's avatar
    Greg-DB
    2 years ago

    Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here. This applies whether the app is in development or production status.

    Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    2 years ago

    Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here. This applies whether the app is in development or production status.

    Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

    • KostyaVasilyev's avatar
      KostyaVasilyev
      New member | Level 2
      2 years ago

      Thank you Greg.

       

      Just tried adding token_access_type=offline to the authorization request and indeed got a refresh token.

       

      I have used OAuth2 before so know what to do next.

       

      Cheers!

About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API
Make connections with other developers807 PostsLatest Activity: 16 hours ago
219 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!