Skip to content

Dropbox Client App Key

Service Name: Dropbox

Service Description: Dropbox is a cloud storage service that allows users to store files online and synchronize them across devices. It offers file storage, file sharing, personal cloud, and client software.

Service Address: https://www.dropbox.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Dropbox API for application authentication. This is the public identifier for your Dropbox app.

Secret Revokement URL: https://www.dropbox.com/developers/apps

Secret Example: abcde12345fghij

Suspicious Activity Investigation Instructions:

  • Check Dropbox developer console for unusual API calls or access patterns
  • Review application activity logs for unauthorized access
  • Monitor for unexpected file access or sharing activities
  • Check for changes in app permissions or settings
  • Verify if there are any new OAuth tokens issued

Mitigation Instructions:

  • Log in to the Dropbox developer console at https://www.dropbox.com/developers/apps
  • Locate the compromised application
  • Click on the application to access its settings
  • Generate a new client key by clicking "Reset" next to the app key
  • Update the key in all legitimate applications using this credential
  • Review and revoke any suspicious OAuth tokens
  • Consider enabling additional security measures like IP restrictions if available