A guide to getting started with OAuth

A common sticking point for developers when they begin using the Dropbox API is how to properly authorize users using OAuth. Dropbox uses OAuth 2, an open standard, to handle connecting apps to users’ Dropbox accounts.

To help developers get started, we just published the Dropbox API OAuth guide, covering OAuth and user authorization in general. Check it out and let us know what you think, either here in the comments or on the Dropbox API development forum.

Read more

Get Easter eggs in your Dropbox

Some people think that Easter eggs are colorful hard-boiled chicken ova that you hide in a backyard once a year. Other people think Easter eggs are cute little surprises that developers build into their apps to delight their users. With the Dropbox API, Easter eggs can be both!

The Easter Eggs app creates a folder tree in your Dropbox with folders like “grass” and “drain pipe” and “under the back porch,” and then randomly adds image files of eggs. The aim of the game is to find all the eggs and drag the files to your “Easter basket”

Read more

How many HTTP status codes should your API use?

There are a lot of HTTP status codes. At the time of this writing, Wikipedia lists 75 different status codes, most of which you’ve probably never encountered. Many of us have heard of the tongue-in-cheek “418 I’m a teapot,” but very few are familiar with these:

  • 205 Reset Content
  • 300 Multiple Choices
  • 419 Authentication Timeout
  • 450 Blocked by Windows Parental Controls

Most API providers stick to a rather small set of status codes, which they list in their documentation. Facebook’s Graph API takes this to the extreme;

Read more


HTTP-based APIs often encode arguments as URL path and query parameters. For example, a call to the Dropbox API’s filename search endpoint might look like:

While URL encoding seems fine for simple examples, using JSON might have some advantages.

URL paths are complicated

In the example above, the first “+” is a literal plus sign because it’s in the URL. The second “+” represents a space because it’s in the URL query component. It’s easy to confuse the two since the encoding rules are mostly the same and sometimes the library functions are name something ambiguous like “urlencode”.

Read more

Limitations of the GET method in HTTP

We spend a lot of time thinking about web API design, and we learn a lot from other APIs and discussion with their authors. In the hopes that it helps others, we want to share some thoughts of our own. In this post, we’ll discuss the limitations of the HTTP GET method and what we decided to do about it in our own API.

As a rule, HTTP GET requests should not modify server state. This rule is useful because it lets intermediaries infer something about the request just by looking at the HTTP method.

For example,

Read more

Swift apps with Dropbox

Update: The Sync and Datastore SDK has been deprecated. Learn more here.

Swift is a new programming language for iOS and OS X with a modern syntax. Swift is fast and powerful and it’s easy to see why Swift is gaining popularity amongst developers.

We’re happy to say that you can use any of the Dropbox SDKs for iOS/OS X in your Swift app. Let’s take a look at using the iOS Sync SDK in Swift.

Importing the Dropbox framework

To get started, you’ll need to follow the iOS Sync SDK installation instructions.

Read more