Dropbox API server root certificate changes coming in 2026

[porg]

I got an email from Dropbox with this content:

We're writing to you because our logs indicate that you own at least one active Dropbox API app using a version of an official Dropbox SDK with an outdated certificate trust store.

Please update your app(s) to use the latest versions of these SDKs as soon as possible to ensure continued access to the Dropbox API.

These official Dropbox SDKs implemented certificate pinning based on a list of root certificates included in the SDKs. These certificates will stop working in many web browsers and devices in 2026, so Dropbox needs to change which root is used to issue its server certificates. Apps using these SDKs need to be updated to the latest versions of the Dropbox SDKs to ensure uninterrupted access to the API.

On or after January 1, 2026, the Dropbox API servers will be updated to use new root certificates, so you’ll need to update the version of the SDK used in your app before then.

The versions listed below have been updated to maintain compatibility with the Dropbox API servers going forward:

• Java SDK v7.0.0 or greater
• .NET SDK v7.0.0 or greater
  • Note that apps using older versions of the .NET SDK are only affected if they call DropboxCertHelper.InitializeCertPinning().
• Python SDK v12.0.2 or greater

For more information, please refer to the blog post:
https://dropbox.tech/developers/api-server-certificate-changes

Could you please check your software and revise the readme accordingly how to renew one's certificate? Thanks!

[nk9]

Good spot, I'll have a look.