I got a dropbox-link with some files, protected by password.
I got the link, the password, dropbox business account, and App key, App secret that i got from creating a new App in https://www.dropbox.com/developers/
What is the next step?
Thanks
If you want to download a file from a Dropbox shared link programmatically, you can use the /2/sharing/get_shared_link_file endpoint. (That's the HTTPS endpoint itself, but if you're using one of the official Dropbox API v2 SDKs, there will be a corresponding method.)
This endpoint is accessible via Dropbox API apps, as well "Team member file access" Dropbox Business API apps, via the "Member file access" feature. Other Dropbox Business API apps cannot call this endpoint.
Related
I have a Google Script Application that has the doGet method implemented. Also, I've deployed the application and have set up the Google Cloud Platform (GCP) Project.
I have an Excel VBA Application that uses https://github.com/VBA-tools/VBA-Web. I can call the Google Apps Script URL with no problem when I use an OAuth 2.0 Client ID (The internet window opens, I choose the Google Account, grant rights, get the authorization code, and everything works well).
But, I want to use an API Key, and not use the Google login process with screen authentication. I thought that a Google Service account will work, but not sure. Any Idea?
You can create a API Key from API & Services option, then you can restrict the key just to use only Calendar API
Google Drive API question,
I am writing an application that can view a users' Google Drive files and folders from their google account (can be individual or part of an enterprise).
So on my Google Drive enterprise, I have created an API application. So I have an API key and Secret key stored in my application.
Now I want to use OAuth to authenticate the user so that they can approve my application to read their files. The users will not be part of my enterprise. They can be individual Google accounts, or they can be a single user from an some other enterprise account.
Is this possible? Or are there technical/security reasons this is not allowed?
I just got off the phone with wonderful Google api support agent, and I have my answer:
Yes this is possible to do. however due to the recent phishing attack, Google has put in place new security features that affect the following APIs:
Google drive
Gmail
Contacts
Directory Admin SDK
Here are the new rules:
There is a new security form we will need to fill out and be approved before we will be able to be approved as a trusted app that is able to access these api's using OAuth2 authentication.
Google has provided a feature that many enterprises use that allows an enterprise to completely disable the ability to access these api's using oauth2. So even though we have been approved from step1, we may still get an error for some enterprises who have directly blocked this; however, they can white list us in order to allow it from our enterprise if admin's prefer, while still blocking general use for others.
See links:
https://support.google.com/a/answer/7281227
https://developers.google.com/drive/v3/web/about-auth
https://developers.google.com/identity/protocols/OAuth2
https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/
Is it possible to create "public developer app" for Dropbox (Business Api)?
I created a Dropbox account for "MyOrganisation" and I set up a Developer App (MyOrgApp) and retrieved appId and appkey. This App is using Oath endpoints to get the access token. When I login with MyOrganisaiton admin account credentials, I get the accesstoken which I can use to do Api calls for MyOrganisation. It works fine.
My question is that will I be able to use this App (MyOrgApp) to do Api calls for another organisation "Organisation2"? Or Dropbox apps are more like Private Apps where each Organisation needs to have their own app to make api calls?
The Dropbox Business API doesn't make a distinction between "public" and "private" API apps exactly. You can use your registered Dropbox Business API app to operate on multiple different teams, but you first need to get "production" access. You can find more information about that here:
https://www.dropbox.com/developers/documentation/http/teams#production
We have tried various things to get the Google Site Verification API to work, including:
How can I authorize with OAuth 2.0 for google's predictive API in Ruby?
By calling: https://developers.google.com/site-verification/v1/webResource/list using the service account we always get an empty response: {}
When trying the same thing via the web console we get all the websites. We have like 30 websites.
I also had a look at this stackoverflow: Unable to access Google Sites via API, but can via Oauth Playground. Why?, without success.
Why is the body empty?
OAuth 2.0 is not an option for us, as we have a server application.
When using the service account, it will only list the sites that are owned by that service account. If you want to get the sites of a specific user, you must impersonate that user.
I haven't implemented it yet, but apparently you must go to http://www.google.com/a/{your-domain}/ManageOauthClients logged as the user that owns the sites and authorize the client ID of the service account you'll use to access the API, with the appropriate scopes.
This video explains it using Google Drive, but the authentication process is the same.
I'm not sure if this is available for Gmail users.
I'm building a windows service that would upload files to Box.com under some conditions.
How can I authenticate without having the user go to a webpage and enter the username and password ?
I can't seem to find the details in the documentation.
thanks.
At the moment, you have two options.
You can sign up for the 'instant mode' beta that gets you an authentication token via the /tokens V2 API endpoint, but limits you to accessing a single folder in the user's account.
You can use the V1 authentication APIs. If your app is a company internal app, then we have a V1 authentication API that we can enable for you to do direct logins. However, direct logins are less secure, and generally discouraged.