0

I am using the Dropbox API to pop (slowly) generated PDF documents directly into the user's Dropbox when they are ready. To that end my application asks users to provide their Dropbox Apps folder API token and then use it to upload the PDFs as discussed in a previous thread.

No issues thus far. What I would like to be able to do is to subject the "token" they provide to some basic authentication to ensure that it is indeed a Dropbox token. I haven't been able to get any help from Dropbox on this subject.

  • Is there a known format for such tokens?
  • Do they bear some form of checksum that can be used to validate them?

I'd be most obliged to anyone who might be able to help with this.

Community
  • 1
  • 1
DroidOS
  • 8,530
  • 16
  • 99
  • 171

1 Answers1

1
  • No, the Dropbox API doesn't make any guarantees about the exact format of an access token like this.
  • No, there isn't a checksum you can use to validate them.

Note that access tokens can be revoked remotely anyway, so the only way to check if an access token is actually valid is to attempt an API call with it (e.g., most developers use the account information call, since there aren't any side effects) to check if it succeeds or fails.

Greg
  • 16,359
  • 2
  • 34
  • 44