Overview
Merge lets you connect to any supported File Storage system through a single, unified API. While we work to standardize API-specific differences, some limitations and nuances remain—these are outlined below.
Authentication
See our guide to understand why Merge OAuth apps require specific scopes.
Google Drive | |
Sharepoint | For Writes access, non-admins may need admin consent. Follow this guide to request consent from your SharePoint admin or have them to link using their admin credentials. |
OneDrive | Personal accounts cannot be linked. |
Dropbox | Requires you to host your own OAuth app. Merge provides a demo OAuth app for testing purposes only. |
Box | For Group access, admin credentials are required. |
Access control lists
An Access Control List is a security feature used in systems (e.g., networking, file systems, databases) to define rules for what users or systems can access specific resources and what actions they can perform on them.
See our guide to learn about File Storage ACL best practices.
Downloading files
To learn how to download files see the Direct File Download guide.
Merge includes a checksum with each file object to help verify file integrity and authenticity. This is provided as a string that includes the hash type (as supported by the third-party API) and the content_hash. In some cases—such as when a file is moved from a personal to a business account—the hash type may change. When this happens, Merge automatically updates the check_sum to reflect the new hash type and value.
check_sum: {
type: sha256
content_hash: 149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
}Google Drive | To specify the MIME type for file download leverage the mime_types query parameter.
mime_types (String, optional) |
Sharepoint, OneDrive, Dropbox | Files are downloaded in their original MIME type. It is not possible to specify a different MIME type for downloads. |
Box | To download files users must select “Read & Write for Admins” in Merge Link.
Files are downloaded in their original MIME type. It is not possible to specify a different MIME type for downloads. See Box’s documentation. |
Syncing data
Real-time updates via webhooks — For most integrations, any creations, edits, or deletions to a file or folder will trigger updates in Merge. Some exceptions are:
Google Drive, Sharepoint, OneDrive |
|
Dropbox |
|
Box |
|
Rate limits
Various rate limits as determined by the third-party platforms. These are different than the standardized Merge rate limits (number of API calls per minute that you can request to Merge's API).
Google Drive | Queries: Up to 12,000 queries per 60 seconds per user |
Sharepoint | Daily Limits: Vary between 1.2 million to 6 million requests, depending on the number of licenses in the plan. |
OneDrive | General Limits: Subject to Microsoft Graph’s global limits of 130,000 requests per 10 seconds across all tenants. - |
Dropbox | Specific rate limits: Not publicly disclosed. Developers are advised to handle rate limiting by monitoring API responses and implementing appropriate backoff strategies. |
Box | Monthly Limits: Range from 50,000 to 200,000 API calls, depending on the plan. |
Supported and unsupported data nuances
Our integrations aim to sync all file storage data, though some limitations exist due to third-party restrictions.
Integration | What Merge syncs | Data that may be missing |
Google Drive | All files and folders the linked users has access to including My Drive and Shared Drives. | Group users – are only accessible to Google Workspace admins.
Files shared with a Group Google Drive API prevents access beyond the user’s own role, so we surface the “READ” permission. |
Box | All files and folders the linked users has access to.
Box does not use Drives, only Files & Folders.
Collections are not synced since they are just groupings of existing files under “All Files.” | Group users – May be populated for some linked accounts but requires Box admin access.
|
Dropbox | All file & folders the linked user has access to whether on a Personal or Business account.
Dropbox does not use Drives, only Files & Folders. | Group users – Requires admin-level permissions. |
Sharepoint | All file & folders the linked user has access to within document libraries of each accessible site.
Document libraries are normalized as Drives, named based on the site name + document library name.
Pages are not synced as they are unrelated to file storage. | Group users – Only email-associated groups return member data.
Merge does not fetch users from SharePoint site groups. We support Azure AD groups and Microsoft 365 Groups, which are the modern standard for managing SharePoint access. Microsoft is phasing out site groups as they are part of a legacy permission model rarely used in current deployments. |
OneDrive | All file & folders the linked user has access to in My Files, Home, and Shared tabs.
The OneDrive Drive is the same as the “My Files” tab.
Files in the Home tab (recently accessed, even outside of OneDrive) are synced via OneDrive’s /recent endpoint. | Quick Access files – OneDrive API does not provide an endpoint for this.
If SharePoint files appear in Quick Access but are missing, users should link their SharePoint account separately. |