Dropbox Sign Developer Documentation

Access tokens are only valid for a given period of time (typically one hour) for security reasons. Whenever acquiring an new access token its TTL is also given (see expires_in), along with a refresh token that can be used to acquire a new access token after the current one has expired.

Authentication

AuthorizationBasic

Basic authentication of the form Basic <username:password>.

AuthorizationBearer

Bearer authentication of the form Bearer <token>, where token is your auth token.

Request

This endpoint expects an object.

grant_typestringRequiredDefaults to refresh_token

When refreshing an existing token use refresh_token.

refresh_tokenstringRequired

The token provided when you got the expired access token.

client_idstringOptional

The client ID for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.

client_secretstringOptional

The client secret for your API app. Required for new API apps. To enhance security, we recommend making it required for existing apps in your app settings.

Response headers

X-RateLimit-Limitinteger

The maximum number of requests per hour that you can make.

X-RateLimit-Remaininginteger

The number of requests remaining in the current rate limit window.

X-Ratelimit-Resetinteger

The Unix time at which the rate limit will reset to its maximum.

Response

successful operation

access_tokenstring or null

token_typestring or null

refresh_tokenstring or null

expires_ininteger or null

Number of seconds until the access_token expires. Uses epoch time.

statestring or null

1	{
2	"access_token": "MDZhYzBlMGI1YzQ0ZjI1ZjYzYmUyNmMzZWQ5ZGNmOGYyNmQxMmMyMmQ2NmNiY2M3NW=",
3	"token_type": "Bearer",
4	"refresh_token": "hNTI2MTFmM2VmZDQxZTZjOWRmZmFjZmVmMGMyNGFjMzI2MGI5YzgzNmE3",
5	"expires_in": 86400
6	}

OAuth Token Refresh

Authentication

Request

Response headers

Response

Errors