Authentication
The ExpanDrive software communicates directly with your cloud storage without any intermediate server. In this example we are showing Google Drive but the process is the same for Google Drive, OneDrive, Dropbox, Box, Hubic, OneDrive for Business.

Screen Shot 2016-07-01 at 2.41.25 PM

A user first identifies themselves to Google via an embedded web browser view. The ExpanDrive app never captures the user’s credentials.

Screen Shot 2016-07-01 at 2.41.39 PM

The user now grant’s API access to the ExpanDrive app – this allows the ExpanDrive app to read and write from the user’s Google Drive account on behalf of the user. This is how ExpanDrive is able to transform for Google Drive account into a virtual drive.

Security

Now that a user has authenticated, we store the API key securely. The default location is to store the API in the system Keychain on the Mac and in encrypted in the user’s profile on Windows. There are other options available for customized builds to store the API key in a centrally managed location. ExpanDrive, Inc. never has access to a user’s API key or credentials, nor does it have the ability to access them.

Permissions

The storage service API enforces all of the permissions and settings for a given user. ExpanDrive can only see what files and folders a user has access to, and nothing else. We present the data provided via the API.