We have a bunch of mixed up authenticated accounts from the past few years in our database, where some were given "Full Access" early on and later it was changed to just using the "App Folder".
Is there any way of using the API to know if the access_token we have is within an App Folder, or to the whole account?
We basically want to switch all accounts to App Folders, but only want to alter those that need it. We'll have to move folders and also store a default path in the DB.
Having looked through the documentation I can't see anything that gives this info, any thoughts?
The Dropbox API is designed so that the permission level (e.g., app folder vs full Dropbox) is transparent to the app, so there isn't a good/official programmatic way to detect the permission for any given access token. We'll consider this a feature request though.
That said, some features of the API are only accessible to full Dropbox apps, so you could use those as a way to implicitly detect the permission. For example, the /2/sharing/list_folders endpoint is only usable by full Dropbox apps:
Apps must have full Dropbox access to use this endpoint.
That could potentially work for you, though it's still not a great solution, since in the case of an app folder app, you'll get a 400 error with a plain text body (and not a nice structured 409 error) so you can't reliably tell the difference between that and some other 400 error. To work around that you could match against the error message, but that could change of course:
Error in call to API function "sharing/list_folders": Your API app is an "App Folder" app. It is not allowed to access this API function.
Thanks to @Greg for pointing me in the right direction.
Because /sharing/list_folders doesn't return any errors I was unable to distinguish the difference between Full Dropbox & App Folder access.
For future reference, to solve my query I did the following:
/sharing/get_folder_metadata with a made up shared_folder_idinvalid_id) then the access_token has Full Dropbox access