Dropbox App Credentials

Bridgecrew Policy ID: BC_GIT_38
Chekov Check ID: CKV_SECRET_38
Severity: LOW

Dropbox App Credentials

Description

When working with the Dropbox APIs, your app will access Dropbox on behalf of your users. You'll need to have each user of your app sign into dropbox.com to grant your app permission to access their data on Dropbox. Dropbox uses OAuth 2.0, an open specification, to authorize access to a user’s data. Once completed by a user, the OAuth flow returns an access token to your app. This authorization token your app and user in subsequent API calls. It should be passed with the Authorization HTTP header value of Bearer .

Fix - Buildtime

Dropbox

/token/revoke Disables the access token used to authenticate the call. If there is a corresponding refresh token for the access token, this disables that refresh token, as well as any other access tokens for that refresh token.

curl -X POST https://api.dropboxapi.com/2/auth/token/revoke \
    --header "Authorization: Bearer "