OAuth 2.0 overview
The recommended authorization protocol for all public apps available in the Pipedrive Marketplace is the industry-standard OAuth 2.0 protocol. OAuth 2.0 allows apps granular access to users’ data and provides a secure and easy-to-use connection between the app and Pipedrive.
Using OAuth 2.0 authorization allows all requests you make to Pipedrive API to be authorized by a user. A Pipedrive user must grant access to their data for the app. As proof of this grant, every request to our API must contain a valid access_token
. Every access_token
is bound to:
- The Pipedrive user who granted the access
- The company of the user (if a user is connected to multiple accounts, then it’s dependent on the company they’re logged into when authorizing the app)
- The 3rd party app which asked for this access
- A set of permissions that will be allowed
- An expiration date
To get access to the users’ data, the app must be registered in the Pipedrive Marketplace as this is where the app installation (i.e. access-granting) process starts.
See our OAuth authorization for a step-by-step guide on implementing OAuth 2.0 for your app.
Steps to take to get the access_token
access_token
- Get your developer sandbox account
- Register your app in Developer Hub to get the
client_id
,client_secret
and subsequently, choose relevant scopes for your app - Implement the OAuth 2.0 protocol by following our guide for OAuth authorization
Now you should have the access_token
and refresh_token
necessary for making requests to Pipedrive’s API.
How to authenticate the requests?
All requests to the API should be authenticated with the access_token
by providing its value in the Authorization header:
GET https://{COMPANYDOMAIN}.pipedrive.com/api/v1/deals -H 'Authorization: Bearer v1u:AQIABHj...XNYcKcd_8LIrqRhRT9GQs4XW1MawrF_K4yg'
Updated 4 months ago