Connecting to Dropbox from an App Connect Designer instance in a containerized environment (local connector)

If you are using an App Connect Designer instance within an installation of IBM Cloud Pak® for Integration or IBM® App Connect Enterprise certified container, and have enabled locally available connectors, you can choose to use a local connector to connect to your Dropbox account.

What to consider first

To provide an extra layer of security, Dropbox has added support for the use of refresh tokens with short-lived tokens. This solution is more secure than using the current long-lived tokens. For this reason, Dropbox will retire the creation of long-lived access tokens on the 30 September 2021 resulting in all new tokens being short-lived.

App Connect will continue to support existing accounts using long-lived tokens however after 30 September 2021 if you choose a Basic OAuth authorization method we recommend you use a short-lived access token and refresh token pair.

Connecting to Dropbox

To use a local connector to connect to your Dropbox account, complete the following steps. (For more information about using an App Connect Designer instance in a containerized environment, see Creating and managing flows for an API in App Connect Designer.)

  1. Select Local then click Continue.
    Dropbox connection panel
  2. Enter the account information in the connection fields that are displayed (see the following table), and click Connect.
Table 1. Local connector fields
Field Description
Access token The long-lived or short-lived access token for your Dropbox application. Details about how to obtain this value are described below.
Refresh token The refresh token that is generated along with the short-lived access token. You can obtain the short-lived and refresh tokens pair by performing the Dropbox OAuth 2.0 authorization code flow steps as described in the following steps. A refresh token is generated to revalidate the expired short-lived access token.
Client ID The app key found in the settings page of your Dropbox application. This property is only required if you have provided the short-lived access token.
Client secret The app secret found in the settings page of your Dropbox application. This property is only required if you have provided the short-lived access token.
    1. Sign up for a Dropbox developer account in the Drop box DBX platform.
    2. Click Create apps and complete the form to create an app. The Settings page of the app is displayed.
    3. In the OAuth 2 section, use the Access token expiration menu to select No expiration.
    4. Click Generate.
      Button to generate a long-lived access token
    5. The long-lived access token is displayed and ready for you to use to access your Dropbox account.
    1. Sign up for a Dropbox developer account in the Drop box DBX platform.
    2. Click Create apps and complete the form to create an app. The Settings page of the app is displayed.
    3. In the Status column of the Settings page, the App key and App secret are displayed. The App key is the value that you need for the client ID and the App secret is the value that you need for the client secret in App Connect.
      How to find the application client ID and client secret
    4. In the OAuth 2 section, add a redirect URI. For the purposes of this example, we'll use https://www.google.com/.
      Adding a redirect URI
    5. Click Add.
    6. In the same section, use the Access token expiration menu to select Short-lived.
    7. To generate the access and refresh token pair, you need to generate an authorization code. To do this, construct a Dropbox authorization URL with your application’s client ID and redirect URI (if applicable) in the following format.
      https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&redirect_uri=MY_REDIRECT_URI&response_type=code&token_access_type=offline
      For example:
      https://www.dropbox.com/oauth2/authorize?client_id=rt5alrhd93n7ga3&redirect_uri=https://www.google.com/&response_type=code&token_access_type=offline
      Note: Ensure that the redirect URI matches the exact format that you specified in Step 4. For more information about the Dropbox authorization URL, see https://www.dropbox.com/lp/developers/reference/oauth-guide.
    8. Paste the authentication URL into a browser window and click Enter to generate the authorization code. The code is located in the query string, as displayed in the following image.
      Authorization URL response with the authorization code
    9. Use an application such as IBM API Connect Test and Monitor or Postman to make a POST OAuth2 token call. 
      POST https://api.dropbox.com/1/oauth2/token
      Update the parameters as specified in the following table:
      Table 2.
      Key Value
      grant_type authorization_code
      client_id The app key retrieved in Step 3
      client_secret The app secret retrieved in Step 3
      redirect_uri The redirect URI that you specified in Step 4
      code The authorization code retrieved in Step 8
      For example:
      POST OAUth2 token call
    10. Click Send. The response is displayed with your access token and refresh token.
      Response displaying your access and refresh token
      Note: The refresh token does not expire unless you revoke the short-lived access token.
Tip:

Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.