The recommended authorization protocol for all public apps available in the Pipedrive Marketplace is the industry-standard OAuth 2.0 protocol. OAuth 2.0 allows apps to have granular access to user's data and provide a secure, yet easy-to-use connection between the app and Pipedrive.

Using OAuth 2.0 authorization provides a way for all requests you make to Pipedrive API to be authorized by a user. A Pipedrive user must grant access to their data for the app. As proof of this grant, every request to our API must contain a valid access_token. Every access_token is bound to:

the Pipedrive user who granted the access;
the company of the user (if a user is connected to multiple accounts, then it’s dependent on the company they’re logged into when authorizing the app);
the 3rd party app which asked for this access;
a set of permissions that will be allowed;
an expiration date.

In order to get access to the user's data for your app, the app must be registered in the Pipedrive Marketplace from where the app installation (i.e. access-granting) process can be started.

📘
See our OAuth authorization for a step-by-step guide to getting OAuth 2.0 implemented to your app.

Steps to take to get the access_token

Have a Developer Sandbox account.
Register your app in Marketplace Manager to get the client_id, client_secret and to choose the scopes.
Implement the OAuth 2.0 protocol by following our guide for OAuth authorization.

Now you should have the access_token and refresh_token necessary for making requests to Pipedrive's API.

How to authenticate the requests?

All requests to the API should be authenticated with the access_token by providing its value in the Authorization header:

GET https://companydomain.pipedrive.com/api/v1/deals -H 'Authorization: Bearer 53289:1050268:4ae2dd99663e3a8e3bd04ba5d89a21850d6fa52d'