Great question—this is a super common scenario for backend services that need to interact with Dropbox without user-facing login flows. Let's break down your options clearly, since permanent (never-expiring) tokens are no longer supported by Dropbox:

1. Use Refresh Tokens (Recommended for Most Scenarios) #

Dropbox phased out permanent access tokens years ago, but you can get a long-lived refresh token that lets you automatically generate new short-lived access tokens in the background—no user interaction required. Here's how to set this up:

• First, go to your Dropbox App Console and ensure your app has:
  • Either "Full Dropbox" or "App Folder" access (pick based on your needs)
  • Offline access enabled (this is critical—without it, you won't get a refresh token)
• When you generate an initial token, you'll receive both a short-lived access_token (expires daily) and a refresh_token (this doesn't expire unless you manually revoke it or change your app permissions)
• In your .NET service, use the official Dropbox SDK to handle token refresh automatically. The SDK will detect when the access token is expired and use the refresh token to fetch a new one behind the scenes.

Example snippet with the Dropbox .NET SDK:

// Initialize the client with your refresh token, app key, and app secret
var dropboxClient = new DropboxClient(
    refreshToken: "YOUR_LONG_LIVED_REFRESH_TOKEN",
    appKey: "YOUR_APP_KEY",
    appSecret: "YOUR_APP_SECRET"
);

// Upload a file—SDK handles token refresh automatically if needed
using var fileStream = File.OpenRead(@"C:\path\to\your\file.txt");
var uploadResponse = await dropboxClient.Files.UploadAsync(
    path: "/your-dropbox-folder/file.txt",
    mode: WriteMode.Overwrite.Instance,
    body: fileStream
);

2. Service Accounts (For Business/Team Scenarios) #

If you're working with a Dropbox Business account and need to access team storage rather than a personal account, you can use a service account. This creates a dedicated Dropbox account for your backend service, with tokens that don't require user interaction. However, this is only available for Dropbox Business customers.

Key Notes to Remember #

• No permanent tokens exist anymore: Dropbox eliminated them for security reasons, but refresh tokens are effectively "permanent" as long as you don't revoke them.
• Keep credentials secure: Your refresh token, app key, and app secret should be stored in a secure vault (like Azure Key Vault or AWS Secrets Manager)—never hardcode them in your codebase.

内容的提问来源于stack exchange，提问作者Renat Khabibulin