tomshaw / laravel-dropbox
A Laravel Dropbox API client library.
Requires
- php: ^8.5
- laravel/framework: ^13.0
Requires (Dev)
- larastan/larastan: ^3.9
- laravel/pint: ^1.29
- nunomaduro/collision: ^8.9
- orchestra/testbench: ^11.1
- pestphp/pest: ^4.7
README
A Laravel Dropbox API 2.0 client library.
Requirements
- PHP 8.5
- Laravel 13.0
Features
- Secure OAuth 2.0 Flow: Authorization with CSRF
stateverification and PKCE (S256) code challenges out of the box. - Automatic Token Refresh: Expiring tokens are refreshed transparently before every authenticated request — in controllers, queued jobs, and Artisan commands alike.
- Customizable Token Storage: User definable token storage adapters to suit your apps needs. Database-stored tokens are encrypted at rest.
- Static Token Mode: Set
DROPBOX_ACCESS_TOKENto skip the OAuth flow entirely for single-account, server-side integrations. - Large File Support: Uploads above Dropbox's 150 MB single-request limit automatically switch to chunked upload sessions; downloads can stream straight to disk.
- Resilient HTTP Layer: Built on Laravel's HTTP client with configurable timeouts and automatic retries that honor Dropbox
Retry-Afterrate-limit headers. - Typed Exceptions:
DropboxException,AuthenticationException, andRateLimitExceptionexpose the status code and parsederror_summaryfrom Dropbox. - Laravel Facades Integration: Built using Laravel Facades offering a familiar and simple interface that promotes readability, flexibility, testing and ease of use.
Installation
You can install the package via composer:
composer require tomshaw/laravel-dropbox
Next publish the configuration file:
php artisan vendor:publish --provider="TomShaw\Dropbox\Providers\DropboxServiceProvider" --tag=config
Run the migration if you wish to use database storage adapter:
php artisan migrate
Configuration
Here's a breakdown of each configuration option:
The following variables should be set in your
.envfile
-
DROPBOX_CLIENT_ID: The client ID for your Dropbox application. -
DROPBOX_CLIENT_SECRET: The client secret for your Dropbox application. -
DROPBOX_REDIRECT_URI: The URI to redirect to after Dropbox authentication. -
DROPBOX_ACCESS_TOKEN: A static access token used for all API requests. When set, the OAuth flow and token storage are bypassed entirely. -
DROPBOX_ACCESS_TYPE: This is the access type for the Dropbox application. -
DROPBOX_ACCESS_SCOPES: If omitted will request all scopes selected on the Permissions tab. -
DROPBOX_TIMEOUT: Request timeout in seconds (default30). -
DROPBOX_RETRIES: Number of attempts for rate-limited requests or failed connections (default3).
Token storage is configured via the storage key in the published config/dropbox.php. The default is DatabaseTokenStorage (encrypted, requires the migration); SessionTokenStorage is included for session-scoped tokens, or provide your own implementation of TomShaw\Dropbox\Storage\StorageAdapterInterface.
Developers should review the Dropbox Developer Platform and SDK Documentation for further information.
Basic Usage
Below is a cursory explanation of this repository's usage. Please refer to the appropriate Facade Resource for additional methods and usage.
Verify your apps credentials utilizing the
checkaccessorappmethod.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; use TomShaw\Dropbox\DropboxClient; class DropboxController extends Controller { public function check() { Dropbox::check()->app(); } }
Authorizing the application and persisting the token.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; class DropboxController extends Controller { public function connect() { if (request()->has('code')) { Dropbox::connect(request('code'), request('state')); return redirect()->route('dashboard'); } return redirect()->away(Dropbox::getAuthUrl()); } }
Revoking access using the
revokeaccessor.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; class DropboxController extends Controller { public function revoke() { Dropbox::revoke(); return redirect()->route('dashboard'); } }
Requesting account information using the
usersaccessor.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; class DropboxController extends Controller { public function account() { Dropbox::users()->getCurrentAccount(); } }
Creating folders using the
filesaccessor.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; class DropboxController extends Controller { public function createfolder(string $path) { Dropbox::files()->createFolder($path, true); } }
Downloading files using the
filesaccessor.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; class DropboxController extends Controller { public function download($id) { $item = Dropbox::files()->getMetadata($id); if ($item) { $fileContents = Dropbox::files()->download($item['path_lower']); return response($fileContents, 200, [ 'Content-Type' => 'application/octet-stream', 'Content-Disposition' => 'attachment; filename="' . $item['name'] . '"', ]); } return abort(404); } }
Large downloads can stream directly to a local path without buffering in memory. The file metadata is returned from the
Dropbox-API-Resultheader.
$metadata = Dropbox::files()->downloadTo('/videos/demo.mp4', storage_path('app/demo.mp4'));
Uploading files using the
filesaccessor. Files above Dropbox's 150 MB single-request limit are automatically sent through a chunked upload session; useuploadSession()to force chunked uploads at any size.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; use TomShaw\Dropbox\Enums\WriteMode; class DropboxController extends Controller { public function upload(string $destinationPath, string $sourceFilePath) { Dropbox::files()->upload($destinationPath, $sourceFilePath, mode: WriteMode::Add, autorename: false, mute: false, strictConflict: false); } }
Handling Dropbox API errors with typed exceptions.
use TomShaw\Dropbox\Exceptions\{AuthenticationException, DropboxException, RateLimitException}; try { Dropbox::files()->getMetadata('/missing.txt'); } catch (RateLimitException $e) { // $e->retryAfter (seconds), after built-in retries were exhausted } catch (AuthenticationException $e) { // Token invalid, revoked, or the OAuth flow has not completed } catch (DropboxException $e) { // $e->status and $e->errorBody['error_summary'] }
Sharing a link using the
sharingaccessor.
namespace App\Http\Controllers; use TomShaw\Dropbox\Dropbox; use TomShaw\Dropbox\DropboxClient; class DropboxController extends Controller { public function sharelink(string $path) { Dropbox::sharing()->createSharedLinkWithSettings($path, ['requested_visibility' => 'public']); } }
Middleware
Add the included Dropbox middleware to any routes that require API access. Requests without a stored token are redirected to the Dropbox authorization page; requests expecting JSON receive a 401 response instead.
Route::group(['middleware' => ['web', 'auth', 'dropbox']], function () { /* Grouped routes */ });
Contributing
Please see CONTRIBUTING for details.
Changelog
For changes made to the project, see the Changelog.
License
The MIT License (MIT). See License File for more information.