We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Simple Node script not working with clientId /secret
I'm trying to do the worlds simplest node dropbox script but getting an error, clearly I am missing something.
I set up an App - and gave it all the read permissions.
Then I have this script which should list the contents of the root - which I assume would be the App folder name I setup:
```
import { Dropbox } from "dropbox";
import fetch from "node-fetch";
const clientId = "***";
const clientSecret = "***";
const config = {
fetch,
clientId,
clientSecret,
};
const dbx = new Dropbox(config);
dbx
.filesListFolder({ path: "" })
.then((response) => {
const entries = response.result.entries;
console.log("Contents of the root directory:");
entries.forEach((entry) => {
console.log(entry.name);
});
})
.catch((error) => {
console.error("Error listing contents:", error);
if (error.response) {
console.error("Error response:", error.response.data);
}
});
```
I have the correct id and secret entered when I run it, not ***
When I run it I get an error:
```
Error listing contents: DropboxResponseError: Response failed with a 409 code
at D:\Repos\locket-emailer\node_modules\dropbox\cjs\src\response.js:34:11
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
status: 409,
headers: {
'accept-encoding': 'identity,gzip',
'cache-control': 'no-cache',
connection: 'close',
'content-length': '126',
'content-security-policy': 'sandbox allow-forms allow-scripts',
'content-type': 'application/json',
date: 'Sat, 23 Dec 2023 03:34:45 GMT',
server: 'envoy',
'x-content-type-options': 'nosniff',
'x-dropbox-request-id': '266f5a0735ac4753a45ad1bb0214e9c5',
'x-dropbox-response-origin': 'far_remote'
},
error: {
error_summary: 'path/unsupported_content_type/..',
error: { '.tag': 'path', path: [Object] }
}
}
```
Shouldn't this work? I read in another thread that the app permissions don't allow access to anything but in another place I read I should be able to access the apps folder which makes more sense to me.
All I want to end up with is a script I will run on a local computer on a schedule to get some shareable links - for my own files which will be in the apps folder.
I was able to get this all to work as a script. So far it has worked great, running every 15 minutes for the last week. I only do the dropbox auth part if the thing I want to share has actually changed which happens several times per day during working hours.
In order get the refresh token chatGPT give me a script to run in powershell:
I pasted this in all at once:
$clientId = "yourAppIDHere"$clientSecret = "YourAppSecret"$authorizationCode = "ACCESSCodeFromPreviousStep"$base64Auth = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${clientId}:${clientSecret}"))$headers = @{ Authorization = "Basic $base64Auth"}$body = @{ code = $authorizationCode grant_type = "authorization_code"}$response = Invoke-RestMethod -Uri "https://api.dropbox.com/oauth2/token" -Method Post -Headers $headers -Body $body# Output the access token$response.refresh_tokenThat gave me refresh token that I can then use to get a current access token - so that is hard coded in the script.I then have a db auth function which uses that refresh token and returns a new access token:import fetch from "node-fetch";const clientId = "yourAppID";const clientSecret = "YourAppSecret";const refreshToken ="RefreshTokenFromPowershell";// Function to refresh the access tokenexport default async function refreshAccessToken() {method: "POST",headers: {"Content-Type": "application/x-www-form-urlencoded",Authorization: `Basic ${Buffer.from(`${clientId}:${clientSecret}`).toString("base64")}`,},body: `grant_type=refresh_token&refresh_token=${refreshToken}`,});const data = await response.json();console.log("data in refresh :>> ", data);if (data.access_token) {return data.access_token;} else {throw new Error("Failed to refresh access token");}}Then I use that access token like you normally would.import fetch from "node-fetch";const config = {fetch,accessToken,clientId,clientSecret,};const dbx = new Dropbox(config);const data = await dbx.filesListFolder({ path: "" });
yes, first time trying to do anything with the dropbox api, and in general I am not the most skilled at this but can usually get the job done. I did look thru lots of example and have not seen anything like what I want to do (node script on schedule).
I can do what that code does with an access token, but that only works for a few hours thus why I tried to use the app id and secret.
All of the examples I have seen need to interact with someone via a browser or like that prompt to get a token - but this is just for a script that I want to run on my own files and it will run on a schedule so there won't be anyone around to fill in the prompt. It sounds like this used to be easy when the access codes were not short lived.
Can you tell me if the app id/secret can do this? I have seen other posts by you I think that said the app id/secret does not have access to any particular users DB but somewhere else I read that it should be able to do stuff with the apps folder.
I'll try to get the refresh token thing to work with an access token since I'm guessing I am misunderstanding the purpose of the app id/secret.
Thanks for the reply.
rdyar wrote:... since I'm guessing I am misunderstanding the purpose of the app id/secret.
...
Yes, for sure. As their name part (app - 'app' key/id and 'app' secret) suppose, it's not account related, but application related. To access particular account related thing (like listing some folder in Dropbox account, even when the account is yours) you need to authenticate the account, not application (even when the application is your property). Otherwise you don't have access to there.
rdyar wrote:...
I can do what that code does with an access token, but that only works for a few hours thus why I tried to use the app id and secret.
...
Yes, access token is short lived and works for limited time span (4 hours or so). As explained above already, app related authentication cannot replace account related! For long term access you need refresh token that doesn't expire automatic and can be reused. The common (border) thing between application authentication and account authentication is OAuth flow. To get refresh token, you need to perform offline access type OAuth flow.
Hope this sheds additional light.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
