We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
I'm struggleing to download a single file from the API
Hello there,
I'm struggleing to download a single file from the API.
I'm supplying the app key and secret for App Authentication but I'm getting this error:
Error in call to API funct...
novaut wrote:...
One question for how long refresh_token is alive? Is it long-lived?
...
Hi novaut,
Yes, it's long lived token. The refresh token remains valid till explicit revoke either from application itself or user that granted access for your application to its data.
novaut wrote:...
I successfully got the file from Dropbox using the refresh_token and it doesn't ask for http authentication 🙂
...
You make me doubt you have understand everything correctly. You can download a file only with access token authentication, not directly with refresh token!!! The refresh token helps you keep receiving valid access token without further user actions. 😉 Hope this was just a confusion while typing.
Good luck.
Greg-DB
Dropbox Staff
Dropbox Staffnovaut To download a file, it is correct to use the /2/files/download endpoint. You can find the information for using that endpoint in the documentation for /2/files/download here. As shown there, that endpoint supports "User Authentication", but not "App Authentication". There's also an curl example for that endpoint in endpoint documentation.
For reference, the "Authentication types" page lists different types that are used by different endpoints of the Dropbox API, but not every endpoint supports every type. The examples under each type show some example(s) of an endpoint which do support that type. For instance, the examples under "App Authentication" show the use of /2/files/get_thumbnail_v2, which does support App Authentication, but not /2/files/download.
So, to call /2/files/download, you need to use "User Authentication", which requires the an OAuth 2 access token as a "Bearer" token. It's not possible to successfully call /2/files/download using an app key/secret as "Basic" authorization.
And as Здравко noted, you need to authorize the app manually once, after which you can use the (short-lived) access token and refresh token. The "authorization code" can only be used once, in the process of retrieving the access token and refresh token. The refresh token doesn't expire automatically though, and can be re-used repeatedly without manual intervention to retrieve new short-lived access tokens whenever needed. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.
Greg-DB wrote:... For instance, the examples under "App Authentication" show the use of /2/files/get_thumbnail_v2, which does support App Authentication, ...
🤔 Hm.. really... let's see this ' for instance':
curl -X POST "https://content.dropboxapi.com/2/files/get_thumbnail_v2" -u "<APP_KEY>:<APP_SECRET>" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"curl -X POST "https://<APP_KEY>:<APP_SECRET>@content.dropboxapi.com/2/files/get_thumbnail_v2" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"curl -X POST "https://content.dropboxapi.com/2/files/get_thumbnail_v2" \
--header "Authorization: Basic <base64(APP_KEY:APP_SECRET)>" \ --header "Dropbox-API-Arg: {\"resource\": {\".tag\": \"path\",\"path\": \"/a.docx\"},\"format\": \"jpeg\",\"size\": \"w64h64\",\"mode\": \"strict\"}"
Which one is correct? 🧐 If any...
... Where is the error? 🙋
- Greg-DB
Здравко Those three examples show three different ways of supplying the app key and secret to curl. I seems you're hinting that the calls overall don't make sense otherwise though as the use of the "path" in the sample parameters won't work for app authentication in particular. I'll ask the team to fix that up.
Hi Здравко,
I understood how it works.
One question for how long refresh_token is alive? Is it long-lived?
I successfully got the file from Dropbox using the refresh_token and it doesn't ask for http authentication 🙂
Thank you so much for your help 🙂
novaut wrote:...
One question for how long refresh_token is alive? Is it long-lived?
...
Hi novaut,
Yes, it's long lived token. The refresh token remains valid till explicit revoke either from application itself or user that granted access for your application to its data.
novaut wrote:...
I successfully got the file from Dropbox using the refresh_token and it doesn't ask for http authentication 🙂
...
You make me doubt you have understand everything correctly. You can download a file only with access token authentication, not directly with refresh token!!! The refresh token helps you keep receiving valid access token without further user actions. 😉 Hope this was just a confusion while typing.
Good luck.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
