Well that is how the API works.
You request a refresh token once, which then you use to get access token. Having the access token allows you to make the actions you need - getting user files, creating folders etc.
So is it a step in the Action somewhere, are there any Wappler docs that might give me an insight in the steps needed?
It's an API Action step that you make a call to the endpoint explained in the dropbox api docs. Same way you call the create folder endpoint.
Thank you, will give it a try
Yes, not all APIs use short-lived access tokens, but many do, and most of them rely on this method mainly for security reasons:
For example: If someone gains access to an access_token stored in a database, the entire flow could be compromised.. That's one layer of risk (the database)
However, if you use a refresh token instead, you typically also need another static value like a client_id or an internal secret code that isn’t stored anywhere, and it's handled in your backend.
This adds a second layer of protection (backend + database)
Each API request has it's own way on how to integrate it and documented, in this case is like teodor says...
2 Likes