What is the scope used for GET /d2l/api/le/(version)/(orgUnitId)/dropbox/folders/

Dennis.D.1339

I did not see Oauth2 Scopes for /dropbox/folders api at https://docs.valence.desire2learn.com/res/dropbox.html

And when I tried to call the api, I got { Errors: [ {Message: "Insufficient scope to call API.Required: core:*:*"} ] }

When I add `core:*:*"` to my Oauth2 scopes, it worked.

My question is: is this intended behavior? IMO it seems too much permission we need to give for just dropbox/folders api

Natasha.B.837

Hi @Dennis.D.1339

Here are the authentication scopes for the dropbox API calls in Brightspace:

https://docs.valence.desire2learn.com/http-scopestable.html#cap-dropbox

You are correct - the core:*:* scope gives far more permission than is required for the dropbox/folders API calls. You would likely want the dropbox:folders:read or dropbox:folders:write authentication scopes.

Best regards
Natasha