Skip to main content
RapidDev - Software Development Agency
retool-integrationsREST API Resource

How to Integrate Retool with Dropbox

Connect Retool to Dropbox using a REST API Resource with OAuth 2.0 or a long-lived access token from a Dropbox App. Point the resource at https://api.dropboxapi.com/2/ and build a team file management panel that browses folders, manages shared folders, monitors team activity, and automates file organization workflows.

What you'll learn

  • How to create a Dropbox App and generate an access token for Retool integration
  • How to configure a REST API Resource for Dropbox API v2's unique POST-based request format
  • How to build queries for browsing folders, listing files, and managing shared content
  • How to build a team file management dashboard with sharing, activity monitoring, and search
  • How to handle Dropbox's unique request structure with JSON arguments passed as request headers
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Intermediate13 min read25 minutesStorageLast updated April 2026RapidDev Engineering Team
TL;DR

Connect Retool to Dropbox using a REST API Resource with OAuth 2.0 or a long-lived access token from a Dropbox App. Point the resource at https://api.dropboxapi.com/2/ and build a team file management panel that browses folders, manages shared folders, monitors team activity, and automates file organization workflows.

Quick facts about this guide
FactValue
ToolDropbox
CategoryStorage
MethodREST API Resource
DifficultyIntermediate
Time required25 minutes
Last updatedApril 2026

Build a Dropbox Team File Management Panel in Retool

Dropbox is ubiquitous for teams that work with files — design assets, documents, contracts, and media files all live in Dropbox folders shared across teams and with external collaborators. Operations and IT teams often need to manage Dropbox programmatically: auditing sharing permissions, tracking team storage usage, bulk-moving files between folders, and managing team member access. Retool provides a custom interface for these operations by connecting directly to Dropbox's API v2.

Dropbox Business accounts provide additional API capabilities beyond personal storage — team management, audit logs, paper documents, and team folder administration. A Retool dashboard connected to Dropbox Business API lets IT admins view storage consumption per team member, audit external sharing links, manage team folders, and monitor file activity — operations that are scattered across multiple Dropbox admin UI screens but can be unified in a single Retool interface.

Dropbox API v2 differs from most REST APIs in an important way: nearly all endpoints use POST requests with parameters sent in the JSON body rather than GET requests with URL query parameters. This design means Retool's REST API Resource handles all operations as POSTs with specific API argument headers, which requires a slightly different query configuration approach. Once you understand this pattern, building complex Dropbox management tools in Retool becomes straightforward.

Integration method

REST API Resource

Dropbox's API v2 uses a unique request format where all endpoints use POST requests with the API path in the URL and request parameters in the JSON body (not as URL query parameters). Retool connects via a REST API Resource using Bearer token authentication. You register a Dropbox App at dropbox.com/developers and generate a long-lived access token for the connected account, or use OAuth 2.0 for per-user authentication. All requests route through Retool's server-side proxy, keeping Dropbox credentials off the client.

Prerequisites

  • A Dropbox account (personal or Dropbox Business for team features)
  • Access to create a Dropbox App at dropbox.com/developers/apps
  • A Retool account with permission to create Resources
  • For team features: Dropbox Business Admin or Team Admin role
  • Familiarity with REST APIs and JSON request bodies

Step-by-step guide

1

Create a Dropbox App and generate an access token

Navigate to https://www.dropbox.com/developers/apps and sign in with your Dropbox account. Click Create app. Select the Scoped access API (the current Dropbox API). Choose the access type: Full Dropbox gives access to all files; App folder restricts access to a dedicated folder — for operations dashboards, Full Dropbox access is generally required. Give your app a name like 'Retool Integration'. Click Create app. On the app settings page, you will see the API key, API secret, and an OAuth 2.0 section. For server-to-server integrations, you can generate a long-lived access token: scroll to the OAuth 2.0 section and click Generate access token under the 'Generated access token' heading. This creates a token linked to your Dropbox account. For Dropbox Business team features, enable the relevant scopes in the Permissions tab: files.content.read and files.content.write for file operations, sharing.read and sharing.write for shared links, team_data.member for team member information, and events.read for activity logs. After enabling scopes, click Submit. Note that changing scopes may invalidate existing tokens — regenerate after scope changes. Copy the access token. For production use with Dropbox Business, consider using OAuth 2.0 with a service account rather than a personal access token tied to an individual employee.

Pro tip: Dropbox long-lived access tokens do not expire, but if your Dropbox app's permissions change or the token is revoked, you need to regenerate it. Store the token in Retool's Configuration Variables (not in the resource directly) so rotation is handled in one place.

Expected result: A Dropbox App exists with appropriate scopes, and you have a long-lived access token ready to configure in Retool.

2

Configure the Dropbox REST API Resource in Retool

Dropbox API v2 uses two different base URLs depending on the operation type: https://api.dropboxapi.com/2/ for most API calls (list folders, create shared links, team operations) and https://content.dropboxapi.com/2/ for file upload and download operations (files/upload, files/download). For a general-purpose Dropbox resource, use the API base URL and create a separate resource for content operations if needed. In Retool, navigate to Resources → Add Resource → REST API. Name it 'Dropbox API'. Set the Base URL to https://api.dropboxapi.com/2. In Authentication, select Bearer Token and paste your Dropbox access token. Add a default header: Content-Type with value application/json. Click Save Changes. A key thing to understand about Dropbox API v2: all operations use POST requests regardless of whether they are reads or writes. The path in your Retool query (e.g., /files/list_folder) tells Dropbox which operation to perform, and the JSON body contains the parameters. There are no GET requests with query string parameters in Dropbox API v2. This is different from most REST APIs and means every Retool query targeting Dropbox will use the POST method.

Pro tip: Create two separate resources: 'Dropbox API' for https://api.dropboxapi.com/2 (metadata and management operations) and 'Dropbox Content API' for https://content.dropboxapi.com/2 (file upload and download). This keeps operation types clearly separated in your Retool apps.

Expected result: A Dropbox API resource is saved in Retool and test queries can reach the Dropbox API endpoints.

3

Build folder browsing and file listing queries

Create a query named 'listFolder'. Set Method to POST. Path to /files/list_folder. In the Body section, set Body Type to JSON and enter the request body. The main parameter is 'path' — set to '' (empty string) for the root folder or {{ '/' + currentPath.value }} for a specific path. Additional options: 'recursive': false for single-level listing, 'limit': 100 for pagination. Create a transformer to separate folders from files and format metadata. To navigate into folders, create a State variable named 'currentPath' that tracks the current folder path. Add an onClick event handler to folder rows in the Table that updates currentPath.value and re-triggers listFolder. For search, create a query named 'searchFiles' — POST to /files/search_v2. Body: { 'query': '{{ searchInput.value }}', 'options': { 'max_results': 50, 'file_status': 'active' } }. For getting more detail on a single file, create 'getFileMetadata' — POST /files/get_metadata, body: { 'path': '{{ filesTable.selectedRow.path_display }}', 'include_media_info': false, 'include_deleted': false }.

list_folder_body.json
1// Request body for listing a Dropbox folder
2{
3 "path": "{{ currentPath.value ? '/' + currentPath.value : '' }}",
4 "recursive": false,
5 "include_media_info": false,
6 "include_deleted": false,
7 "include_has_explicit_shared_members": true,
8 "limit": 100
9}

Pro tip: Dropbox API returns a cursor for pagination via list_folder/continue endpoint. For large folders, check the 'has_more' field in the response and use the cursor value to fetch subsequent pages with POST /files/list_folder/continue, body: { 'cursor': data.cursor }.

Expected result: The listFolder query returns an array of files and folders for the specified path, visible in the query results with metadata including size and sharing status.

4

Build shared link management queries and UI

Shared link management is a core Dropbox operations use case. Create a query named 'listSharedLinks'. Set Method to POST, Path to /sharing/list_shared_links. Body: { 'path': '{{ filesTable.selectedRow?.path_display || "" }}', 'direct_only': false }. Without a path, this returns all shared links for the account. Create a transformer that extracts the link URL, expiry, link_permissions, and type (file/folder). Create a query 'createSharedLink' — POST /sharing/create_shared_link_with_settings. Body: { 'path': '{{ filesTable.selectedRow.path_display }}', 'settings': { 'requested_visibility': '{{ linkVisibilitySelect.value }}', 'expires': '{{ linkExpiryPicker.value ? new Date(linkExpiryPicker.value).toISOString() : undefined }}' } }. Add a Modal to the dashboard with a Form for shared link creation: a Select for visibility (public/team_only/password), a Date Picker for expiry, and optionally a Password input. After creating, display the resulting URL in a Text component with a copy button. For revoking links, create 'revokeSharedLink' — POST /sharing/revoke_shared_link, body: { 'url': '{{ sharedLinksTable.selectedRow.url }}' }. Add a Confirm Modal before triggering revoke since the operation is irreversible.

shared_links_transformer.js
1// Transformer: normalize Dropbox shared links for Table display
2const links = data.links || [];
3return links.map(link => ({
4 id: link.id,
5 url: link.url,
6 name: link.name,
7 path: link.path_display || link.path_lower,
8 type: link['.tag'] === 'folder' ? 'Folder' : 'File',
9 visibility: link.link_permissions?.resolved_visibility?.['.tag'] || 'public',
10 expires: link.expires
11 ? new Date(link.expires).toLocaleDateString()
12 : 'Never',
13 created: link.client_modified
14 ? new Date(link.client_modified).toLocaleDateString()
15 : 'Unknown'
16}));

Pro tip: Dropbox's create_shared_link_with_settings returns an error if a shared link already exists for the path. Check for error code 'shared_link_already_exists' in the response and retrieve the existing link using get_shared_link_metadata instead of creating a duplicate.

Expected result: Shared link management queries list existing links, create new ones with configurable settings, and revoke links with a confirmation step — all from the Retool dashboard.

5

Build team activity monitoring for Dropbox Business

For Dropbox Business accounts, the team events API provides an audit log of file and sharing activities across the entire team. Create a query named 'getTeamEvents'. Set Method to POST, Path to /team_log/get_events. Body: { 'limit': 100, 'time': { 'start_time': '{{ dateRange.startDate ? new Date(dateRange.startDate).toISOString() : new Date(Date.now() - 7*24*60*60*1000).toISOString() }}', 'end_time': '{{ dateRange.endDate ? new Date(dateRange.endDate).toISOString() : new Date().toISOString() }}' }, 'category': '{{ eventCategoryFilter.value || undefined }}' }. The category filter accepts values like 'file_operations', 'sharing', 'team_policies', 'logins' for event type filtering. Add a Select component for categories. Build a transformer that extracts event time, event type (from event_type['.tag']), actor name, and details. Display in a Table with color-coded event type badges. Add a Chart showing event volume per day using a grouped aggregate of the transformer output. For team member storage usage, create a separate query — POST /team/members/list/v2, body: { 'limit': 100, 'include_removed': false } — then for each member POST /team/members/get_info to get storage quota details. Use a Retool Workflow for the multi-member storage audit to avoid hitting rate limits in the app.

team_events_transformer.js
1// Transformer: reshape Dropbox team events for display
2const events = data.events || [];
3return events.map(event => {
4 const actor = event.actor?.user?.email
5 || event.actor?.admin?.email
6 || event.actor?.['.tag']
7 || 'System';
8 const details = event.details;
9 const eventTag = event.event_type?.['.tag'] || 'unknown';
10
11 return {
12 timestamp: new Date(event.timestamp).toLocaleString(),
13 event_type: eventTag.replace(/_/g, ' '),
14 actor,
15 context: event.context?.['.tag'] || 'N/A',
16 summary: event.event_type?.description || eventTag
17 };
18});

Pro tip: Dropbox Business team event logs are only available to Team Admins or apps with the 'events.read' scope on a Business plan. Verify your Dropbox app has this scope enabled in the Developer Console before building the activity dashboard.

Expected result: A team activity dashboard shows filterable Dropbox Business events with actor, event type, and timestamp, and a Chart visualizes activity volume over the selected date range.

Common use cases

Build a Dropbox team file browser and bulk operations panel

Create a Retool file management panel that lets administrators browse team Dropbox folders, see file metadata (size, shared status, version), perform bulk moves or copies, and generate shared links with configurable permissions and expiry dates — replacing tedious manual operations in the Dropbox web UI.

Retool Prompt

Build a Retool Dropbox file browser showing a folder tree on the left and file list on the right. Files show name, size, last-modified, and sharing status. Include buttons to create a shared link with an expiry date, copy files to another folder, and delete selected files with a confirmation modal.

Copy this prompt to try it in Retool

Build a Dropbox team sharing audit dashboard

Create a Retool security dashboard that queries Dropbox for all shared links and folder member invitations across the team, identifies externally-shared content, and allows admins to revoke sharing permissions in bulk. Include filters for shared-with-anyone links vs. invited members and time range for when sharing was created.

Retool Prompt

Build a Retool audit panel that queries Dropbox shared links and folder members across the team. Show a Table with file path, shared link URL, created date, and whether it's public or restricted. Include a revoke button and bulk selection for mass-revoking stale shared links.

Copy this prompt to try it in Retool

Build a team storage usage and activity monitoring dashboard

Create a Retool monitoring dashboard that shows Dropbox Business team member storage usage, highlights members approaching their quota, and displays recent file activity (uploads, deletions, shares) across the team. Use Charts to visualize storage trends and activity volumes over time.

Retool Prompt

Build a Retool Dropbox Business dashboard showing storage used per team member in a sorted Table with quota bars, along with a Chart of total team storage trend over 30 days. Include a recent activity feed showing latest file operations across the team.

Copy this prompt to try it in Retool

Troubleshooting

401 Unauthorized — 'expired_access_token' or 'invalid_access_token' error

Cause: Long-lived Dropbox access tokens from the Developer Console do not expire by default, but they can be revoked if: the app permissions (scopes) were changed, the account password was changed, or the token was explicitly revoked. Short-lived tokens (OAuth 2.0 flow) expire after 4 hours.

Solution: Regenerate the access token in the Dropbox Developer Console for the app. If using OAuth 2.0 short-lived tokens, implement token refresh using the refresh_token grant type. For server-to-server integrations, use offline access OAuth to get a long-lived refresh token, or use the Developer Console to generate a permanent access token scoped to the account.

400 Bad Request — 'path/not_found' when listing folders

Cause: Dropbox API v2 uses case-sensitive lowercase paths. Paths must begin with '/' or be an empty string for the root folder. A common mistake is using 'root' or '/' as the top-level path instead of the empty string ''.

Solution: For the root folder, pass an empty string '' (not '/') as the path value in list_folder requests. For subfolders, ensure the path begins with '/' and uses the exact lowercase path from a previous list_folder response. Use path_display from file metadata for human-readable paths and path_lower for API operations to avoid case sensitivity issues.

Dropbox API returns 409 Conflict when creating shared links

Cause: A shared link already exists for the specified file or folder. Dropbox does not create duplicate shared links — it returns a 409 with error code 'shared_link_already_exists' containing the existing link in the error body.

Solution: Handle the 409 error in your Retool query by checking the error response body for the existing link URL in the shared_link_already_exists error metadata. Use the existing link URL rather than creating a new one. Alternatively, query /sharing/list_shared_links for the file path first to check for existing links before attempting to create.

typescript
1// Check for existing shared link before creating
2// In the transformer, check for the error condition:
3if (data.error_summary === 'shared_link_already_exists/...') {
4 return { url: data.error?.shared_link_already_exists?.metadata?.url };
5}
6return { url: data.url };

Best practices

  • Store your Dropbox access token in Retool Configuration Variables marked as secret rather than directly in the resource settings — this enables rotation without reconfiguring all dependent queries
  • Use Dropbox's scope-based permissions when creating the app — request only the scopes your dashboard needs (files.content.read for read-only, files.content.write for modifications, team_data.member for Business team features)
  • Handle Dropbox's cursor-based pagination for large folder listings — always check the has_more field and use list_folder/continue with the cursor to retrieve all items rather than limiting results
  • Create two separate Retool resources for the two Dropbox API base URLs — api.dropboxapi.com for metadata/management and content.dropboxapi.com for upload/download operations
  • Add Confirm Modals before revoke_shared_link and file deletion operations — these are irreversible and cannot be undone from the Dropbox API
  • Use Retool Workflows for team-wide operations like storage audits that require iterating over all team members — in-app queries that loop over API calls to get per-member data will hit rate limits for large teams
  • For Dropbox Business environments, use a dedicated service account for the API connection rather than a personal admin account to avoid disruption if the admin employee changes

Alternatives

Frequently asked questions

Why does Dropbox API v2 use POST for all requests instead of GET?

Dropbox made a deliberate architectural choice with API v2 to use POST for all endpoints, passing parameters in the JSON request body rather than URL query strings. This approach avoids URL length limitations for complex filter parameters and keeps sensitive data out of server logs and browser history. In Retool, this means every Dropbox query uses the POST method, with request parameters configured in the Body section rather than the URL Parameters section.

Does Retool have a native Dropbox connector?

No, Retool does not have a native Dropbox connector. You connect via a REST API Resource with Bearer Token authentication using a Dropbox access token generated from the Developer Console. This gives you access to all Dropbox API v2 endpoints, including file operations, sharing management, and Dropbox Business team features.

Can I upload files to Dropbox from a Retool app?

Yes. Use a separate Retool resource pointing to https://content.dropboxapi.com/2 for upload operations. The files/upload endpoint accepts the file binary in the request body with a Dropbox-API-Arg header containing the destination path and write mode in JSON. Retool's File Picker component can capture files from users, and the file content is passed in the upload query body. For files over 150MB, use Dropbox's upload session API for chunked uploads.

How do I access Dropbox Business team member management from Retool?

Dropbox Business team APIs require your Dropbox app to have team-level scopes (team_data.member, team_info.read) and be authorized by a Dropbox Business Team Admin. The team namespace endpoints are at /team/members/list, /team/get_info, and /team/reports. When accessing team member files (rather than the admin account's files), you also need to set the Dropbox-API-Select-Admin or Dropbox-API-Select-User header to scope requests to a specific team member's namespace.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire Retool integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.