Using Dropbox API with Node.js

Question

Im working on an web application using the MEAN Framework, within that app I want to give the users the ability to upload files.

Now heres the main thing:

1. All users uploaded files should be uploaded to a SINGLE dropbox account (my account)
2. They will only upload files of with the max size of 20MB (I've already built the functionality to check the file size before upload)

What I've done:

Ive gone to a Dropbox developers and I have setup my app. And now I have access to my appKey, appSecret and also a Access Token

My questions:

1. Is it possible for me to connect a single dropbox account (my account) to my app and give users in my app access to upload/download files from the dropbox but by using my apps interface?
2. As I already have the access token would I or every user in my app still need to go through the OAUTH process?
3. Can I just send my Access Token with each request to Dropbox api every time a user uploads a file through a specific form on my app?

If you can provide an example or a link that would be very helpful.

UPDATE:

I generated my token using the following button on the dropbox developers console:

Answer 1

Assumption: it is supposed the user of your apps are "legit" and that they won't do anything of your dropbox files that should concern you.

1. Yes, it is. You can configure your app to be the consumer of your dropbox; of course, your app will also have to make sure the users of the app are legit (check them with user/password login and so on) --note: consequences can be that any unauthorised person able to use your app can delete permanently all your files (or do anything as bad as possible according to the privileges)

2. The access token is part of OAuth, so I am not sure what you mean when you say "process". I will interprete your question as "how do I refresh my token?". Simply, before every call to dropbox API by your app, you check the expiration of your access token: if it is still valid you just perform the call, otherwise you request a new token. You do not need a Refresh token in this case: the OAuth mechanism (or 'grant flow' as per OAuth jargon, or 'process' to use your word) you are using is called "client credentials grant flow"

3. See above 2)

Some links for you: Here some overview of the grant flows. Here a schema of that grant flow (note: MS uses another component called "ActiveDirectory" to grant permission; in your case, both "Azure AD" and "Resource API" are just "the dropbox server")