Evaluating the Dropbox API – Terms and Conditions

Dropbox API Article Featured Image

One of the first things that a developer encounters when signing up to use an API is the Terms and Conditions. While I don’t enjoy reading legalese, there are some things that I appreciated when reading the Dropbox Developer Terms and Conditions document.

A Friendly Tone

“Thank you for developing on Dropbox!” This is opening statement of the terms and conditions document. Wow! Dropbox wants me to develop and the terms and conditions document doesn’t simply exist as a threat to sue me. It is welcoming and invites me to explore further.

“Please carefully read these Developer Terms before investing your time in using the Developer Platform.” This tells me that Dropbox cares about my time as a developer. They don’t want me to waste my time developing something that cannot be released because I’ve inadvertently violated the terms of use.

Readable by an Ordinary Human

I appreciate that the terms and conditions document is readable by an ordinary human. I don’t have to hire a lawyer to understand what I can or cannot do. Thank you!

Developer Guidelines

The terms and conditions document links to a different document called “Developer Guidelines” that gives specific development guidance on how to make it through the production approval process. That document is concise, explains the process to obtain approval, and clearly outlines the things that they encourage and the things that they don’t allow. This is helpful because it is clear to me what I need to do to successfully navigate the Dropbox app review process. Dropbox is focused on my success.

Acceptable Use Policy

The terms and conditions also link to a document titled “Acceptable Use Policy.” This document clearly defines the things that you are strictly prohibited from doing. This is like the Dropbox commandments and defines the behaviors that they define as nefarious.

If you don’t have this defined, well-meaning developers will do all sorts of creative things with your site, including reverse engineering your website software, discovering private APIs, and causing havoc.

Stating the rules is a good thing. Good developers would rather know the rules of engagement up front than be yelled at later through some sort of cease and desist communication.

Of course, an acceptable use policy won’t have any effect on black hat developers as they will do whatever they please. You must have appropriate security measures in place to protect your system, and this goes beyond your API.

End User Data & Information

“If you collect data or information from or about users (“User Data”) via your Dropbox Developer App or the Developer Platform, you must ensure that it is collected, processed, transmitted, maintained, and used in compliance with all applicable laws, industry standard security practices, and a privacy policy that you post and make clearly available to users.”

As a potential consumer of the API, I appreciate that Dropbox doesn’t dictate what my security practices must be. I just need to be smart and follow industry standard security practices, which I should do regardless.


Blogging about a terms and conditions document is boring, but a great developer experience requires attention to detail at every touchpoint. Dropbox has done a great job here.

Grade: A