I want to build a static website hosted by GitHub which lets anyone make notes and saves them to a specific Dropbox account. Then later users could access these files.
My only concern is that if the site is open source then others can get the token for the Dropbox account and use it elsewhere.
Can I make it so my Dropbox account only allows API calls from my website?
Thanks in advance.
No. This is fundamentally impossible. Whatever mechanism you used (e.g. the referer
header) could just be faked by a malicious user.
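
The point about the Referer header, as an added example that is not part of the original answer: a local endpoint that gates on `Referer`, and an ordinary HTTP client that supplies the header itself, which shows why such a check gives no assurance about where a call came from. The endpoint, the placeholder site URL and the function names are constructed for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_REFERER = "https://example.github.io/"  # constructed placeholder site


class RefererGate(BaseHTTPRequestHandler):
    """Hypothetical API endpoint that trusts the client-supplied Referer."""

    def do_GET(self):
        ok = self.headers.get("Referer", "").startswith(ALLOWED_REFERER)
        self.send_response(200 if ok else 403)
        self.end_headers()
        self.wfile.write(b"granted" if ok else b"denied")

    def log_message(self, *args):  # keep the demo quiet
        pass


def status_with_referer(referer):
    """Start the gate on a free local port, send one request, return the status."""
    server = HTTPServer(("127.0.0.1", 0), RefererGate)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Bypass any proxy settings so the request stays on localhost.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        req = urllib.request.Request(f"http://127.0.0.1:{server.server_port}/")
        if referer is not None:
            # The header is just a string chosen by whoever sends the request.
            req.add_header("Referer", referer)
        try:
            with opener.open(req, timeout=5) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("no Referer:      ", status_with_referer(None))
    print("Referer supplied:", status_with_referer(ALLOWED_REFERER + "notes.html"))
```

The server cannot distinguish the second request from one made by a browser on the real site, so the gate only filters clients that do not bother to set the header.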