The code flow is the recommended OAuth flow for all types of applications.
If you’re using one of the SDKs, see their tutorials and sample apps for reference after reviewing this guide. Using one of these SDKs is recommended when possible. While doc will cover details of OAuth using HTTP calls, remember that Dropbox SDKs will take care of some of the OAuth 2 process automatically for you. Your end-users will connect to that app via the OAuth flow. Keep in mind that this is only for your own account - you'll need to use the standard OAuth flow to obtain access tokens for other users.ĭo not instruct your users to register their own Dropbox application to use your app - you just need to register your app once. When using API scopes, you may also ask for minimal permissions at authorization time - then re-authorize at later time if and when your application requires more permissions from the user. Requesting more scope and content access than required may result in end users not accepting your OAuth request and could impact your app review process. This permission is appropriate when your application needs to regularly access pre-existing content in the user’s account.Īlways ask for the least amount permissions required by your applications. Full Dropbox: Your application will be able to take actions allowed by its scopes on all data within the user’s Dropbox account.This option is suitable for apps that export content or manage only their content. App Folder: Your application will be able to take actions allowed by its scopes on data within its app folder only (in the /apps folder).Content AccessĪs you create your Dropbox application, you will also be prompted to select the scope of file access. If you have an existing app on these types, don’t worry - this transition does not require code change. Team member management – Team information, plus the ability to add, edit, and delete team membersįor compatibility, these deprecated app types remain selectable - but over the coming months we will begin to transition these apps to equivalent scopes.Team member file access – Team information and auditing, plus the ability to perform any action as any team member.Team auditing – Team information, plus the team's detailed activity log.Team information – Information about the team and aggregate usage data.Business API apps would select from one of four permission types to determine the API calls they have access to: Prior to the introduction of scopes, Dropbox API apps would select only their level of content access (described below).