Announcing the Dropbox API v2 Explorer

It was a dark and stormy night. Wolves howled at the full moon as all the village slept — all except for our protagonist, who stared into their computer monitor, switching between API docs and their terminal. As they reread the documentation, they had an idea, and excitedly typed in a command. But it responded with yet another syntax error. Our protagonist felt like cURLing up into a ball.

Our protagonist dreamed that, one day, there might be a tool to help developers like them. Maybe even a GUI. One day, they could use it to painlessly get an OAuth2 token.

Migrating user access tokens from the Sync SDK to the Core SDK

The Sync API is being deprecated, and we recommend switching to the Core API. To avoid users having to reauthorize your app when you make the switch, you’ll want to extract the access tokens stored by the Sync API and reuse them.

This post shows you how to get the OAuth access tokens stored by the Sync SDK and use them with the Core SDK. For more on how OAuth works with Dropbox, check out this handy guide.

A guide to getting started with OAuth

A common sticking point for developers when they begin using the Dropbox API is how to properly authorize users using OAuth. Dropbox uses OAuth 2, an open standard, to handle connecting apps to users’ Dropbox accounts.

To help developers get started, we just published the Dropbox API OAuth guide, covering OAuth and user authorization in general. Check it out and let us know what you think, either here in the comments or on the Dropbox API development forum.

Get Easter eggs in your Dropbox

Some people think that Easter eggs are colorful hard-boiled chicken ova that you hide in a backyard once a year. Other people think Easter eggs are cute little surprises that developers build into their apps to delight their users. With the Dropbox API, Easter eggs can be both!

The Easter Eggs app creates a folder tree in your Dropbox with folders like “grass” and “drain pipe” and “under the back porch,” and then randomly adds image files of eggs. The aim of the game is to find all the eggs and drag the files to your “Easter basket”

How many HTTP status codes should your API use?

There are a lot of HTTP status codes. At the time of this writing, Wikipedia lists 75 different status codes, most of which you’ve probably never encountered. Many of us have heard of the tongue-in-cheek “418 I’m a teapot,” but very few are familiar with these:

  • 205 Reset Content
  • 300 Multiple Choices
  • 419 Authentication Timeout
  • 450 Blocked by Windows Parental Controls

Most API providers stick to a rather small set of status codes, which they list in their documentation. Facebook’s Graph API takes this to the extreme;


HTTP-based APIs often encode arguments as URL path and query parameters. For example, a call to the Dropbox API’s filename search endpoint might look like:

While URL encoding seems fine for simple examples, using JSON might have some advantages.

URL paths are complicated

In the example above, the first “+” is a literal plus sign because it’s in the URL. The second “+” represents a space because it’s in the URL query component. It’s easy to confuse the two since the encoding rules are mostly the same and sometimes the library functions are named something ambiguous like “urlencode”.
