(Beginner) API to create file requests

Question

Good afternoon,&nbsp;I am working on a project that uses Qualtrics (a web-based survey/forms) platform to create Dropbox file requests to allow the user to securely upload files to go along with their form submission to my Dropbox folder.&nbsp;&nbsp;All file requests would be from my account.&nbsp;&nbsp;While I have gotten the basics working, creating a file request via the HTTP SDK. Using the following from the API ExplorerPOST /2/file_requests/create
Host: https://api.dropboxapi.com
User-Agent: api-explorer-client
Authorization: Bearer [[#TOKEN#]]
Content-Type: application/json

{
    "title": "12345678 Smith, John (App #: FA24-1234)",
    "destination": "1234 Jones_Martha OTE 1000S Student Smith_John",
    "deadline": {
        "deadline": "2024-09-25T01:00:00Z",
        "allow_late_uploads": {
            ".tag": "one_day"
        }
    },
    "open": true
}I was able to translate it into Qualtrics' Webservices screen&nbsp;&nbsp;I am now stumped because I found out from Dropbox Support that the API Token that was in the Dropbox App Console are not long living and expire in short time. So, the question is how do I follow the process to authenticate which will allow the system to still create the file requests?&nbsp;&nbsp;The end users do not login to Dropbox and are not required to have a Dropbox account to submit their files.&nbsp;&nbsp;The documentation that Dropbox Support sent me (Using OAuth 2.0 with offline access - Dropbox) appears to be for requiring the user to login to Dropbox to do tasks.&nbsp;&nbsp;I hope that someone could provide a person who is new to working with APIs with some guidance and advice.&nbsp;&nbsp;Thank you in advance for your guidance.&nbsp;

Здравко · Answer

Hi GaryH_BAR01,Maybe a bit more simple example than the one sent to you by Dropbox support may be seen here. 😉Probably Dropbox support hasn't explained you very clear what&nbsp; you need exactly and why. You don't need to force your end users to log in any Dropbox account or anything similar. The only one that need to get logged in is... you! 🙂 Nobody else. And all this just once; at the time you need to grant permission to your application to access... your account.Once you have refresh token, following all directions in the thread I linked to, the only thing you need to add in your application is the received refresh token and a bit of code the make sure your access token is not expired when you need one - i.e. you need to implement in your code only the last direction I gave there (the refresh). That's all.Hope this helps you.

GaryH_BAR01 · Answer

Good Morning Здравко - Some questions to make sure that I am understanding the post that you provided a link to.

1) Regarding the refresh_token: does that change or is that something that I can store as a constant in my workflow for this project?

2) While I was able to run the commands in a terminal window, I need to convert the refresh token statement "curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=<REF_TOKEN_HERE> -u <AppKey>:<AppSecret> " into something that can be used by the Qualtrics Web Service (format shown in original post)

I had tried to run this and it did not work. Suggestions?

DB-Des · Answer

Hi&nbsp;GaryH_BAR01,
&nbsp;
To add to @Здравко's suggestion:&nbsp;Apps can get long-term access by requesting "offline" access, this can be achieved by adding "token_access_type=offline" to the authorization URL. Keep in mind that there will need to be user interaction the first time the app is being authorized. A&nbsp;"refresh token" is returned in the response object, this "refresh token" can be used to retrieve new short-lived access tokens as needed, without further manual user intervention.
&nbsp;
To answer your first question, yes,&nbsp;the "refresh token" can be securely stored for later use; it can be re-used and doesn't expire automatically (though it can be revoked on demand).
&nbsp;
I hope this information provides more clarity!
&nbsp;
--
[Cross-linking for reference: https://stackoverflow.com/questions/79020302/dropbox-filerequest-api-handling-token-issues-working-with-qualtrics-webserv ]

GaryH_BAR01 · Answer

DB-Des&nbsp;the next issue that I am having is how to format the command for the refresh token as the POST request (via the Form image that I submitted) since I cannot run a cURL command directly in the external platform.&nbsp;&nbsp;curl https://api.dropbox.com/oauth2/token  -d grant_type=refresh_token -d refresh_token=${e://Field/DBX_AUTH_REFRESH_TOKEN} -u ${e://Field/DBX_AUTH_APP_KEY}:${e://Field/DBX_AUTH_APP_SECRET}&nbsp;The connector prompt that Qualtrics is providing to access the external APIs&nbsp;Asks for a URL ( which I am assuming is https://api.dropbox.com/oauth2/token)&nbsp;Using the "POST" Method I am able to set Query Parameters, Body Parameters (either in application/json or&nbsp; application/x-www-form-urlencoded format) and Custom Headers.&nbsp;&nbsp;I attempted to set the body parameters using application/json formatgrant_type : refresh_tokenrefresh_token : {the Refresh Token issued by DBX}user: {AppKey}:{AppSecret}&nbsp;However the response I got was an error from DBX "The request parameters do not match any of the supported authorization flows. Please refer to the API documentation for the correct parameters."&nbsp;I suspect that I am putting the values from the cURL statement in the wrong boxes could you please advise?

DB-Des · Answer

Hi&nbsp;GaryH_BAR01,
&nbsp;
The /oauth2/token endpoint only accepts&nbsp;application/x-www-form-urlencoded format.
&nbsp;
 Additionally, based on the screenshot provided, there is a field being added with "user" as a parameter, which is not a parameter recognized by /oauth2/token&nbsp;— most likely why you are receiving that error.
&nbsp;
When using Basic Auth (AppKey:AppSecret), the corresponding cURL request would look like this:
curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token=DBX_AUTH_REFRESH_TOKEN \
    -u AppKey:AppSecret

Forum Discussion

(Beginner) API to create file requests

About Dropbox API Support & Feedback

Related Content

Cannot create File Request

Create File Request Directly From Destination Folder

Re: My file request link is suddenly opening to a white screen

400 status code for a regular GET request

The API key I created yesterday has expired today

Recent Discussions

get_shared_link_metadata API problem with the new '/scl' folder links.

Trying to download a file, but no file is being downloaded.

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG