Dropbox requires each customer to host their own OAuth app. You can still use our Merge Demo OAuth app for testing purposes, but before you launch into production, you must use your own Dropbox OAuth app.
Below are instructions on how to get your Dropbox OAuth app set up with Merge.
Setting up your Dropbox OAuth app
Sign up for a developer account here. Click Create apps to sign up.
Once you’re done signing up, navigate here and click Create app.
Choose “Scoped access” and “Full Dropbox”, so that your app has access to all files & folders.
On the “Settings” page for the app, there’s a couple things you’ll need to set:
Click Enable additional teams to enable your end users in teams to link their Dropbox app.
Click Enable additional users to enable your end users to link their Dropbox app.
Add “https://app.merge.dev/oauth/callback” to “Redirect URIs”.
On the “Permissions” page for the app, you’ll need to enable the following permissions. Please see below for more granular permission details per use case.
Hit Submit in the modal at the bottom to save your changes.
Lastly, navigate to “Branding” and fill in the details of your app.
Link your Dropbox app with Merge linking flow
To link your Dropbox OAuth app to Merge linking flow,
Navigate to https://app.merge.dev/integrations/filestorage.
Click on Dropbox and select the checkbox “I'm a Dropbox partner …”
Fill in the 3 OAuth credentials by copying & pasting from your Dropbox OAuth app.
OAuth Client ID = Dropbox App key
OAuth Client Secret = Dropbox App secret
OAuth Redirect URI = “https://app.merge.dev/oauth/callback”
Applying for production
While you don’t need your Dropbox app to be in production mode with under 50 users or 5 teams, you’ll still need to apply for production elsewhere.
In your Dropbox App Console, click on the app you want to apply for production.
Click Apply for Production.
There’s several things you’ll need to fill in:
Tick the checkbox of “My app will need to link with more than 50 Dropbox users”
You can use the below template to fill in some of the questions:
“What does your app do?” — 2-3 sentences about what your app does. You do not have to include Merge.
“How does your app use the Dropbox API?” — You could say something like ”Our product uses a 3rd party integration tool called Merge Unified File Storage API to power our Dropbox integration. With Merge, we
GET all Folder/File, so that our customers can sync & view all their Files.This utilizes the “/list_folders” endpoint.
GET all Users & File Permissions, so that our customers don’t see files they shouldn’t have access to. This utilizes the "/list_folder_members” and “/list_shared_links” endpoints.
POST File/Folder, so that our customers can create File/Folder. This utilizes the “/create_folder” and “/upload” endpoints.
Download File, so that we can analyze file content to generate insights for our customers. This utilizes the “/download” and “/export” endpoints.
Click Submit app once you’ve filled in the required fields. Dropbox should get back to you within a couple days!
Permissions defined by use case below:
Dropbox endpoints Merge call
To pull the root Dropbox namespace to retrieve files & folders from
To modify file metadata (in the future)
Retrieve file & folder metadata like name & size
Upload file, create folder
Share a file (in the future)
What about the Team permissions? — In our investigation, unfortunately if we request for any of the team scopes, only the Dropbox Business admin can authenticate. This blocks regular users from linking their own accounts. In the future, Merge may support a separate Dropbox Business integration to handle this.