My need is to have a simple web form that also lets people upload some pdf's.
What I was thinking I could do (because of the size and number of uploaded files) is to tie the backend of this app to either my dropbox account or my box.com account.
Both services offer similar API's to build apps.
However they both assume I want to interact with people's dropbox/box account.
I think I kinda want the reverse of that. People would upload files to a web server but I want to upload them programatically to either of these 2 services, but under MY account with access and permissions related only to MY account.
The users don't need to interact with dropbox at all, they don't need to approve anything.
Why doesn't it seem possible to use the API in such a way that files can be added to the same, previously known, dropbox account which I own?
While this isn't the intended use, the basic idea would be to manually get an authorized access token for the account once, and save and reuse it for all future calls. (Just be sure not to revoke it.)
It is essentially the same way you would manage multiple users, except that each user just reuses the same access token, instead of their own.
I have had a similar issue using Facebook (FB) API in a few cases - where what I wanted was to have my server talk to FB in order to sync with my account - but the API is generally intended for use with the account of the person accessing the site.
The problem is that if you try to connect client-side, as the API is generally intended, you need to expose your own private log-in / credentialization via a client-side script... which clearly isn't good.
The trick I've used is to wrap the API server-side with a series of methods which allow you to perform the specific functions you need, then allow your JS or server-side binding to call those methods async. The resulting flowchart looks something like:
------ ---------- -------
| UI | -> AJAX -> | Server | -> Async GET w/Credentials -> | API |
------ ---------- -------
You then get the data back at the Server
level and return it to the UI as JSON - and voila, your UI has no credentials - but still has access to your DropBox.
So - for your example of uploading a file... The user is going to post a file to your web-server. On the Server-side handler for the method - simply take the posted binary information, form it into a new API call to your drop-box - authenticate (if you don't already have an active authenticated session) - and then post. You can then return information to your client-side based on the success / failure of that call.
I hope this helps. :) Takes a bit of scaffolding - but it is possible! Have faith!