We’ll be making a few updates around ID formats & tokens this September and to TLS support early next year—you’ll want to review to ensure your app handles these correctly.
Notice: TLS 1.0 & 1.1 Deprecation
Beginning February 1st 2022, the Dropbox API will require that calls use TLS 1.2. Traffic using TLS 1.0 or 1.1 will be rejected.
The latest Dropbox SDKs will select the best TLS version for the environment, but SDKs over two years old may require updates. In particular:
Users of the Dropbox Java SDK should update to v3.1.1 (released June, 2019) or later. The current version is 4.0.
Users of the Dropbox Python SDK should update to v8.4.1 (released November, 2017) or later. The current version is 11.13.1.
Typically no action is required for applications built with up-to-date libraries in modern environments, as TLS 1.2 has been available on major mobile & desktop operating systems since 2014.
Developers whose application may be run in older or unusual environments should investigate to ensure compatibility.
Reminder: ID formats
As a reminder, on September 30th, 2021, the Dropbox API will begin returning new namespace IDs as strings with the format String(pattern="[-0-9a-zA-Z:]+"). That means that namespace IDs may contain letters, numbers, and the symbols “-”, “", and “:”.
Namespace IDs refer to folder permission spaces. They are used in the API to refer to shared folders, team folders, and root folders. They may also be used in path arguments. Field names such as ns_id, target_ns_id, previous_parent_ns_id, new_parent_ns_id, root, namespace_id, shared_folder_id, parent_shared_folder_id, team_folder_id, team_folder_ids, root_namespace_id, home_namespace_id, member_folder_id and nspath would be impacted by this change.
While the Dropbox API specification has indicated the string data type for these fields, the actual values returned by the API have been string representations of integers. We’re notifying you in case your application’s code and data storage can’t handle this string pattern. If your app already handles and stores these values as string types rather than integers, no action is required.
Action required: tokens and permissions
As a reminder, on September 30th, 2021, the Dropbox OAuth flow will no longer return new long-lived access tokens. It will instead return short-lived access tokens, and optionally return refresh tokens. Existing tokens are not impacted.
Apps that require background access will need to update their code to use refresh tokens, which is made easier by using our updated SDKs. All other apps should ensure that users are directed to re-authorize upon token expiration.
The Dropbox API now supports more granular permission scopes. While you review your application’s OAuth flow, be sure to check for scopes that may not be required.
For detailed instructions, please see:
Dropbox OAuth Guide
Blog post — Now Available: OAuth scopes and enhanced permissions
Blog post — Migrating App Permissions and Access Tokens
Apps created after September 17th, 2020 are already using short lived tokens & scopes.
Reminder: Team Reports APIs End of Life
The Team Reports APIs (such as reports/get_activity, get_devices, get_membership, and get_storage) were deprecated in 2020, and as of July 1st 2021 are retired.
The reports APIs provided aggregate statistics. Membership, storage, device usage, and storage information can be found from other Business API endpoints.
The team_log/get_events provides an event log that can be queried for activities such as sharing events, device connections, and membership changes.
Current devices can be enumerated with devices/list_member_devices.
Membership can be enumerated with members/list_v2.
Storage usage and allocation can be found with users/get_space_usage.
Platform updates
As you review these changes, be sure to check out the latest additions to the Dropbox platform. The Dropbox developer blog is the best place to find developer feature announcements, tutorials, and resources.
For example, we’ve recently updated the API to enable creating and updating Dropbox Paper docs. These paper documents are accessible through the file APIs.
If you have any questions, visit our developer forum or submit a ticket.
As dropbox now only work with short lived tokens, new created connections do not work any more.
The setting that was available in dropbox to avoid the expiry does not exist anymore.
Got the following reminder per eMail
Dropbox API possibly needs an update
We’ll be making a few updates around ID formats & tokens this September and to TLS support early next year—you’ll want to review to ensure your app handles these correctly. Notice: TLS 1.0 & 1.1 Deprecation
Beginning February 1st 2022, the Dropbox API will require that calls use TLS 1.2. Traffic using TLS 1.0 or 1.1 will be rejected.
The latest Dropbox SDKs will select the best TLS version for the environment, but SDKs over two years old may require updates. In particular:
Typically no action is required for applications built with up-to-date libraries in modern environments, as TLS 1.2 has been available on major mobile & desktop operating systems since 2014.
Developers whose application may be run in older or unusual environments should investigate to ensure compatibility.
Reminder: ID formats As a reminder, on September 30th, 2021, the Dropbox API will begin returning new namespace IDs as strings with the format String(pattern="[-0-9a-zA-Z:]+"). That means that namespace IDs may contain letters, numbers, and the symbols “-”, “", and “:”.
Namespace IDs refer to folder permission spaces. They are used in the API to refer to shared folders, team folders, and root folders. They may also be used in path arguments. Field names such as ns_id, target_ns_id, previous_parent_ns_id, new_parent_ns_id, root, namespace_id, shared_folder_id, parent_shared_folder_id, team_folder_id, team_folder_ids, root_namespace_id, home_namespace_id, member_folder_id and nspath would be impacted by this change.
While the Dropbox API specification has indicated the string data type for these fields, the actual values returned by the API have been string representations of integers. We’re notifying you in case your application’s code and data storage can’t handle this string pattern. If your app already handles and stores these values as string types rather than integers, no action is required.
Action required: tokens and permissions As a reminder, on September 30th, 2021, the Dropbox OAuth flow will no longer return new long-lived access tokens. It will instead return short-lived access tokens, and optionally return refresh tokens. Existing tokens are not impacted.
Apps that require background access will need to update their code to use refresh tokens, which is made easier by using our updated SDKs. All other apps should ensure that users are directed to re-authorize upon token expiration.
The Dropbox API now supports more granular permission scopes. While you review your application’s OAuth flow, be sure to check for scopes that may not be required.
For detailed instructions, please see:
Apps created after September 17th, 2020 are already using short lived tokens & scopes.
Reminder: Team Reports APIs End of Life The Team Reports APIs (such as reports/get_activity, get_devices, get_membership, and get_storage) were deprecated in 2020, and as of July 1st 2021 are retired.
The reports APIs provided aggregate statistics. Membership, storage, device usage, and storage information can be found from other Business API endpoints.
Platform updates As you review these changes, be sure to check out the latest additions to the Dropbox platform. The Dropbox developer blog is the best place to find developer feature announcements, tutorials, and resources.
For example, we’ve recently updated the API to enable creating and updating Dropbox Paper docs. These paper documents are accessible through the file APIs. If you have any questions, visit our developer forum or submit a ticket.
Thanks, -The Dropbox Platform Team