
Dropbox does have an API, https://www.dropbox.com/developers, but this is about reverse engineering the client, which seems to use things not here -- in particular, some authentication stuff. I haven't read in depth about why that allowed them to bypass 2-factor auth though.


From the whitepaper (https://github.com/kholia/dedrop/blob/master/paper/accepted/...):

> We found that two-factor authentication (as used by Dropbox) only protects against unauthorized access to the Dropbox’s website. The Dropbox internal client API does not support or use two-factor authentication!



