dropbox api OAuth2 keys - my potential security flaw

Hello guys,

I have been using the dropbox api and OAuth2 to let people to save and access their data from their dropbox on my app, however I have realised I may be doing something wrong with the keys I had gotten from dropbox. These keys I have hardcoded them into my app so that it knows to link to my particular dropbox API when someone tries to log into it on my app, is this the correct way or doing it? Or is the user suppose to generate a new key every time ?

Just for some background info - the user still uses their own dropbox login and password to log into their dropbox. To the best of my knowledge, the hardcoded keys function is to point to my particular dropbox API.

That’s possibly something best answered on a dropbox API forum, I’m not sure you’ll get an answer here.


Okay cheers dude, will have a go at that