--- title: "Creating an OAuth App in Dropbox" description: "This guide will walk you through creating a Dropbox app, retrieving your Client ID and Client Secret, and adding them to your Apideck dashboard so you can sync files securely. " author: "Tanya Gencheva" published: "2025-08-25T00:00+02:00" updated: "2025-08-27T20:33:42.345Z" url: "https://www.apideck.com/blog/creating-an-oauth-app-for-dropbox" category: "Unified API" tags: ["Unified API", "File Storage", "Guides & Tutorials"] --- # Creating an OAuth App in Dropbox The [Dropbox API](https://www.apideck.com/connectors/dropbox) is a comprehensive RESTful interface that allows developers to interact with Dropbox's cloud storage platform programmatically. Built on OAuth 2.0 with Scoped Access, the API provides fine-grained permission control, enabling applications to request only the specific capabilities they need. This guide will walk you through creating a Dropbox OAuth app using the DBX platform. ### Prerequisites Before you begin, ensure you have: 1. A [Dropbox account](https://www.dropbox.com/register) (free or paid) 2. An [Apideck account](https://www.apideck.com/signup) for unified API access 3. Basic understanding of OAuth 2.0 concepts 4. Development environment set up for your platform ### Key OAuth Concepts **Authorization vs Authentication** - **Authentication**: Verifying user identity ("Who are you?") - **Authorization**: Granting permission to access resources ("What can you do?") **Token Types** - **Access Token**: Short-lived (4 hours), used for API requests - **Refresh Token**: Long-lived, used to obtain new access tokens - **Authorization Code**: One-time use, exchanged for tokens ### OAuth Flow Types **1. Authorization Code Flow (Recommended)** - Best for web applications and mobile apps - Supports refresh tokens for offline access - Most secure as client secret is protected **2. Implicit Flow (Deprecated)** - Previously used for client-side applications - No longer recommended due to security concerns - Replaced by Authorization Code Flow with PKCE **3. Authorization Code Flow with PKCE** - Enhanced security for public clients - Prevents authorization code interception attacks - Recommended for single-page applications and mobile apps ### Access Types **Online Access** - Access token valid only while user is active - Suitable for real-time, user-present applications - No refresh token provided **Offline Access** - Provides refresh token for background operations - Essential for automated workflows and data synchronization - Requires explicit `token_access_type=offline` parameter ## Step 1: Create a Dropbox App 1. Access the Dropbox developers page at [https://www.dropbox.com/developers](https://www.dropbox.com/developers) 2. Click **Create App** 3. Select the following options: - **API**: Choose **Scoped Access** - **Type of Access**: Select **Full Dropbox** (or **App Folder** if you only want access to a specific folder) - **Name your app**: Enter a unique name (e.g., *YourCompany-Integration*) 4. Click **Create App** ![Dropbox create app page](https://res.cloudinary.com/apideck/image/upload/v1756198246/docs/connectors/dropbox/create-app.png) --- ## Step 2: Configure App Settings 1. On the **App Settings** page: - Copy the **App Key** (this will be your **Client ID**) - Copy the **App Secret** (this will be your **Client Secret**) 2. Under **OAuth 2**, add a redirect URI: - Use the callback URL: ``` https://unify.apideck.com/callback ``` - Click **Add** to save it 3. Under **Permissions**, make sure to assign these scopes: - **account_info.read** View basic information about your Dropbox account such as your username, email, and country - **files.metadata.read** View information about your Dropbox files and folders - **files.metadata.write** View and edit information about your Dropbox files and folders - **files.content.read** View content of your Dropbox files and folders - **files.content.write** Edit content of your Dropbox files and folders ![Dropbox permissions tab](https://res.cloudinary.com/apideck/image/upload/v1756198246/docs/connectors/dropbox/permissions-tab.png) 4. (Optional) Configure your domain name and logo on the **Branding** tab ![Dropbox branding tab](https://res.cloudinary.com/apideck/image/upload/v1756198246/docs/connectors/dropbox/branding-app.png) --- ## Step 3: Add Credentials to Your Apideck Dashboard 1. Log in to your [Apideck Dashboard](https://app.apideck.com/) 2. Navigate to **Configuration** → **Dropbox** 3. Enter the **Client ID** and **Client Secret** you copied earlier 4. Save your changes ![Apideck dashboard Dropbox integration](https://res.cloudinary.com/apideck/image/upload/v1756198246/docs/connectors/dropbox/configure-connector.png) --- ## Step 4: Test the Connection 1. Go back to the **Dropbox integration** in your dashboard 2. Click **Test Vault** to launch a Dropbox sign-in window 3. You’ll be redirected to Dropbox to authorize the connection 4. After granting access, you should see the integration status as **Connected** ![Dropbox integration connected](https://res.cloudinary.com/apideck/image/upload/v1756198246/docs/connectors/dropbox/authorization-completed.png) --- ## Step 5: You’re ready to do your first API call 🎉 Your Dropbox integration is now set up and ready to use through Apideck to test the connection: Make a test call to retrieve files: ```bash curl --location --request GET 'https://unify.apideck.com/file-storage/files' \ --header 'x-apideck-consumer-id: test-consumer' \ --header 'x-apideck-app-id: {APIDECK_APP_ID}' \ --header 'x-apideck-service-id: dropbox' \ --header 'Authorization: Bearer {APIDECK_API_KEY}' \ --header 'Content-Type: application/json' ``` ## Start Building with the Dropbox API Learn more about what you can [build with the Dropbox File Storage API](https://developers.apideck.com/apis/file-storage/dropbox). ### Additional Resources - [Dropbox OAuth Guide](https://developers.dropbox.com/oauth-guide) - [Dropbox API Reference](https://developers.dropbox.com/documentation/http/documentation) - [Apideck File Storage API](https://www.apideck.com/file-storage-api) - [File Storage API Reference](https://developers.apideck.com/apis/file-storage/reference) - [Top File Storage APIs in 2025](https://www.apideck.com/blog/top-5-file-storage-apis-to-integrate-with) - [OAuth 2.0 Security Best Practices](https://tools.ietf.org/html/draft-ietf-oauth-security-topics)