Skip to content

Dropbox App Credentials

Service Name: Dropbox

Service Description: Dropbox is a cloud storage service that allows users to store files online and sync them across devices. It offers APIs for developers to build applications that can access and manipulate files stored in Dropbox.

Service Address: https://www.dropbox.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the team level for Dropbox Business accounts, but not directly for app credentials.

Secret Access Scope: Grants programmatic access to Dropbox APIs, allowing applications to access, modify, and manage files and folders in a user's Dropbox account based on the permissions granted during OAuth authorization.

Secret Revokement URL: https://www.dropbox.com/account/security

Secret Example: sl.BXhP7ztdq8j2Vl5xutXrT-dFG9RHO8FyPPPPPPPPPPPPPPPPPPPP

Suspicious Activity Investigation Instructions:

  • Review the Dropbox app console for unusual API calls or file access patterns
  • Check the connected applications in your Dropbox account settings
  • Monitor for unauthorized file access, modifications, or sharing activities
  • Review authentication logs for suspicious login attempts or locations
  • Check for unexpected file sharing or permission changes

Mitigation Instructions:

  • Log in to your Dropbox account at https://www.dropbox.com/
  • Navigate to Settings > Security
  • Under "Connected apps," find the compromised app and click "Disconnect"

  • Generate new app credentials in the Dropbox Developer Console

  • Update your application with the new credentials
  • Consider implementing more restrictive scopes for your app
  • Enable two-factor authentication for your Dropbox account
  • Review and update your app's security settings in the Dropbox Developer

Console