We’ve been working on a new version of the Dropbox API for a while and it’s time to show you what we have so far. To start, we’ve implemented a select set of endpoints that highlight the big structural changes underway, and we’d like to know what you think!
Overall, we’ve simplified our use of HTTP. For example, most endpoints always use HTTP POST, including those that return structured data. Requests take JSON in the body and responses return JSON in the body.
We will continue to use other HTTP features in specific cases where they provide concrete benefits.
Some people think that Easter eggs are colorful hard-boiled chicken ova that you hide in a backyard once a year. Other people think Easter eggs are cute little surprises that developers build into their apps to delight their users. With the Dropbox API, Easter eggs can be both!
The Easter Eggs app creates a folder tree in your Dropbox with folders like “grass” and “drain pipe” and “under the back porch,” and then randomly adds image files of eggs. The aim of the game is to find all the eggs and drag the files to your “Easter basket”
There are a lot of HTTP status codes. At the time of this writing, Wikipedia lists 75 different status codes, most of which you’ve probably never encountered. Many of us have heard of the tongue-in-cheek “418 I’m a teapot,” but very few are familiar with these:
- 205 Reset Content
- 300 Multiple Choices
- 419 Authentication Timeout
- 450 Blocked by Windows Parental Controls
Most API providers stick to a rather small set of status codes, which they list in their documentation. Facebook’s Graph API takes this to the extreme;
Join us at the Wix Developer’s Lounge on Wednesday, May 13 for a panel on How to Leverage Media for Your Startup. Leah Culver from Dropbox, Matthew Makai from Twilio, and David Zuckerman from Wix will discuss the ways in which startups can use media, such as photos, videos, and audio to enhance their apps.
Here’s the details:
How to Leverage Media for Your Startup
Wednesday, May 13th
6:30 – 8:30 PM
Wix Developer’s Lounge – 500 Terry A Francois Boulevard, San Francisco, CA
RSVP for the event
Hope to see you there!
HTTP-based APIs often encode arguments as URL path and query parameters. For example, a call to the Dropbox API’s filename search endpoint might look like:
While URL encoding seems fine for simple examples, using JSON might have some advantages.
URL paths are complicated
In the example above, the first “+” is a literal plus sign because it’s in the URL. The second “+” represents a space because it’s in the URL query component. It’s easy to confuse the two since the encoding rules are mostly the same and sometimes the library functions are name something ambiguous like “urlencode”.
A few months ago, we patched a minor security vulnerability in our Android Core and Sync/Datastore SDKs. While most popular apps have already updated their Android SDKs, we’d like to ask all our Android developers to update their apps to use Core API Android SDK v1.6.3 or Sync/Datastore Android SDK v3.1.2.
For users to be affected by this vulnerability, they would’ve needed to:
- Use an affected app on an Android device
- Not have the Dropbox for Android app installed, and
- Visit a specially-crafted malicious page with their Android web browser targeting that app,