You can find the Dropbox Platform developer community on the following sites:
If you can't find an answer in the resources above or frequently asked questions below, you can contact API support. They can help you with any problems, questions, or comments you have about the Dropbox Platform.
The Dropbox Platform offers a number of APIs for different use cases:
In general, you should use the minimum permissions required for your app. When users link their Dropbox account to your app, they'll be asked to grant the permissions you've requested. We find that users are more likely to link their account if minimal permissions are requested.
There are two permissions: App folder and Full Dropbox. Read more about how they differ on our developer guide.
You can register for multiple versions of your app with different permissions and allow the user to choose the option they prefer. This, however, requires more work for you as the developer, additional UI, and an extra decision that your users have to make.
Yes! There's no cost to you as the developer, and any type of Dropbox account, free or paid, can use your app.
You can get an API app key and secret by creating an app on the app creation page. Once you have an app created, the app key and secret will be available on the app's page on the App Console. Note that Drop-ins have app keys but no app secrets.
You can rename Drop-ins at any point, and Core apps while they're still in development status, on the App Console. If you have an app in production status that you need renamed, open an API support ticket and we can do it for you.
OAuth is an open protocol used by the Dropbox API for authorizing access to resources on Dropbox. It is a more secure alternative to handling user credentials directly. The Dropbox API supports OAuth 2.0, but the official SDKs handle all of this for you. You can read more about OAuth on the official OAuth site.
App access tokens effectively don't expire, but users can manually revoke tokens by going into My apps. In the case of apps with app folder access, if the user deletes the app folder, your app's access token will no longer be valid.
You should only process the authorization once, and save the access token for all future calls for that user. If an existing access token is invalid, (in which cases calls will return 401), you should prompt the user to re-authorize your app.
Yes, but you'll run into issues with trying to link to Dropbox when they're both installed at the same time. Open an API support ticket and we can help.
We get to nearly all production requests within a few business days. You can find more information about applying for production in our developer guide.
Yes, if you need to change the app key and secret on an existing app for any reason, open an API support ticket and we'll help. Cycling your app key and secret won't disable existing access tokens.
Yes, open an API support ticket, and we can help.