In this instruction blog, we will show you how to create OAuth 2.0 API keys on your Dropbox account. These are necessary to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. But in the meantime, the design of the website we are describing may change. So if there is a change, you should follow the steps described in the Dropbox documentation. Basically, regardless of possible website design changes, the principle remains identical so that you will easily find your way and follow this instruction.

Since OAuth 2.0 authorization is a system with the highest level of security, the process of receiving API keys is much more complex than standard ones, so it is necessary to follow these steps:

  • First of all, you need to have a registered Dropbox account that you can use to access your data, that is, which you use to log into the Dropbox service;
  • You need to log in to the Dropbox Admin Console with your Dropbox account;
  • You need to create a new application through the Dropbox Admin console;
  • After creating a new application, you need to fill in the application parameters that Dropbox requires. And after that, the necessary data (Client ID and Client Secret) are generated for you to authorize external applications (in this case – ERPAG).

Setting up a Dropbox account

Let’s start from the top. So, first, you need to have your Dropbox account created. Once you have your Dropbox account, you need to log in on the following link:


After logging in to the portal, you need to click on the “Explore more Dropbox apps“ option. Then select „App Center“ option, as shown in the picture below:

dropbox app center

Creating a new application in Dropbox

The next step is creating a new application by activating “Build an app” link.

dropbox build an app

Now you are redirected to the Dropbox page for developers, where you need to select „App Console“ option.

dropbox app console

Click on the „Create app“ button.

dropbox - create app

Select options as shown on the picture, enter the description (you can input any description). And click on the „Create app“ button,

dropbox - select options

After you create an application, you have to do some more adjustments. Select „Settings“ options, and scroll down this page.

dropbox - settings

On this page, you can see the already generated data „App key“ and „App secret“. They essentially represent „Client ID“ and „Client secret“. Save this information, as you will need to enter them in ERPAG.

In the OAuth 2 – Redirect URIs option, enter the URL and make sure to click the “Add” button. In the “Allow public clients (Implicit Grant & PKCE)” option you need to select “Allow” option.

dropbox keys

Now it’s required that you define App permissions. This means that you have to define Scope which determines to which API calls you allow access. Click on the „Permissions“ option.

dropbox permissions

Scroll down this page and select options „profile“, „email“, and if you want the possibility to read/write files on your Dropbox, you have to turn on options „files.metadata.write“, „“, „“ and „files.content.write“ and then click on the “Submit“ option.

dropbox options

The next step is selecting „Branding“ option, where you can input additional description data, if you wish. Once you complete everything, click on the „Save changes“ button, to record all previous settings.

dropbox - branding

Now your Dropbox API is ready for API calls that you will be able to create on your own, and call them from ERPAG.

Setting up ERPAG

In ERPAG, create a new API Authorization with the parameters you just generated on Dropbox. Log in to ERPAG and activate the “Administration – Customization” – “API Authorizations” option.

erpag - api authorizations

Select „ADD NEW“ – „OAuth 2.0“ option.

erpag add new oauth 2.0

For API calls to Dropbox, it is necessary to first authorize the application. This means that you have to enter a large number of parameters that you can find on the following page

You will find that the basic setup of the authorization process itself requires you to study the enormous documentation. That’s why we at ERPAG have created Templates for several different services. Here you only need to enter two basic data, while the other parameters are filled in automatically. In case you need any modification, you can always additionally correct the offered parameters. But it must be according to the documentation of the service you want to authorize (in this case, Dropbox).

By entering the “API authorization” form, go to “Template” and activate the “Dropbox with PKCE” option as shown in the image below.

erpag - dropbox

Now you need to enter the “Client ID” and “Client Secret” data that you created in Dropbox for developers and finally confirm the import.

add client id and client secret in erpag

After confirming the import, all necessary parameters will be set automatically. Finally, save the document.

erpag - import template

As you can see from the picture, the status of the document is “NOT AUTHORIZED”. This means that we have only entered the parameters, but the application is not yet authorized. Now you need to activate the “Get a new Access Token” button to finally allow access to your Dropbox API service.

get a new access token in erpag

Activating tokens

By activating the “Get a new Access Token” option, you are starting the process of connecting ERPAG to Dropbox through the OAuth 2.0 protocol. This requires you to log in to your Dropbox account and allow access. Since your Dropbox app is private, you need to allow access.

allow access in dropbox
allow access in dropbox

After successful authorization the status will be “AUTHORIZED”. Or, if some of the input parameters are incorrect or you have given up the authorization, the status can be “AUHORIZATION ERROR”.

Successful authorization means that ERPAG has received an authorization token and a refresh token from Dropbox that looks like this:

"access_token": "sl.B06iOSDrbio84mKgx6emaISANp7LN67R1c9Q51X9sst4nXfRLqVdaFWtCdB58WqYhi7Rm_VxdwV1fBwVTdGYq6OXufn_MS",
"token_type": "bearer",
"expires_in": 14400,
"refresh_token": "miUkKcIuedINhfgnJKUyfhjjbkkLIhhnn7t4CEvz1KLFHjhkihPbAfiJXXcg",
"id_token": "eyJhbGiZmFtaWx5X25hbWUiOiJTdXZhY2Fyb3YiLCJlbWFpbCI6InN0ZXZhic3ViIjoiZGJpWQiOiJka2Vzb29xZzl5MTdmcm8iLCJhdXRoX3RpbWUiOjE3MTUyNDg5-NjUsImRyb3Bib3g6dGVhbV9pZ4Xr7i6XuJg",
"scope": "email files.content.write files.metadata.write openid profile",
"uid": "1234567890123",
"account_id": "dbid:AhghkJuggvkYvjkHYA-f8u_BA-fxdffge"

The received access token is stored by ERPAG in your database, and you can use it through Blockly scripts by making new API calls to Dropbox according to your needs. Since the received token has its limited duration (expires_in in seconds) and if the token has expired, ERPAG will use the refresh token data to automatically obtain a new access token.

Start NOW

Read More

Related Posts

How Great Inventory Software Can Help Fight Inflation

In today's rapidly fluctuating economy, businesses face the daunting challenge of fighting inflation. Rising costs can erode profits and disrupt operations, making it essential to adopt strategies that mitigate these impacts. One powerful tool in this battle is...

read more
​ERPAG API – Xero OAuth 2.0 authorization

​ERPAG API – Xero OAuth 2.0 authorization

In this instruction blog, we will describe how to create OAuth 2.0 API keys on your Xero account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime...

read more