OAuth 2.0 overview

The recommended authorization protocol for all public apps available in the Pipedrive Marketplace is the industry-standard OAuth 2.0 protocol. OAuth 2.0 allows apps to have granular access to a user's data and provides a secure, yet easy-to-use connection between the app and Pipedrive.

With OAuth 2.0 authorization, every request you make to the Pipedrive API is authorized by a user. A Pipedrive user must grant access to their data for the app. As proof of this grant, every request to our API must contain a valid access_token. Every access_token is bound to:

  • the Pipedrive user who granted the access;
  • the company of the user (if a user is connected to multiple accounts, then it’s dependent on the company they’re logged into when authorizing the app);
  • the 3rd party app which asked for this access;
  • a set of permissions that will be allowed;
  • an expiration date.

In order to get access to the user's data for your app, the app must be registered in the Pipedrive Marketplace from where the app installation (i.e. access-granting) process can be started.


See our OAuth authorization guide for step-by-step instructions on implementing OAuth 2.0 in your app.

Steps to take to get the access_token

  1. Have a Developer Sandbox account.
  2. Register your app in Marketplace Manager to get the client_id, client_secret and to choose the scopes.
  3. Implement the OAuth 2.0 protocol by following our guide for OAuth authorization.

Now you should have the access_token and refresh_token necessary for making requests to Pipedrive's API.

How to authenticate the requests?

All requests to the API should be authenticated with the access_token by providing its value in the Authorization header:

curl -X GET 'https://{COMPANYDOMAIN}.pipedrive.com/api/v1/deals' -H 'Authorization: Bearer 53289:1050268:4ae2dd99663e3a8e3bd04ba5d89a21850d6fa52d'
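
The following is an added example, not Pipedrive's own code: a client-side guard that builds the authenticated request shown above, refuses to attach the bearer token to any host other than a single-label `{COMPANYDOMAIN}.pipedrive.com`, and rejects a token past its expiration date. The names `Token`, `redact` and `build_request`, the 60-second skew and the `/api/` path rule are assumptions made for illustration.

```python
import re
import time
import urllib.request
from dataclasses import dataclass

# One DNS label only: no dots, slashes, '@' or ports that could redirect the token.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


@dataclass
class Token:
    access_token: str
    expires_at: float  # epoch seconds, computed by the caller when the token is issued

    def is_expired(self, now=None, skew=60):
        """Treat the token as expired `skew` seconds early (assumed safety margin)."""
        now = time.time() if now is None else now
        return now >= self.expires_at - skew


def redact(token):
    """Log-safe form of a token: only the last 4 characters survive."""
    return "***" + token[-4:]


def build_request(company_domain, path, token, now=None):
    """Return an unsent GET request carrying the bearer token, or raise."""
    domain = company_domain.strip().lower()
    if not _LABEL.fullmatch(domain):
        raise ValueError(f"refusing to send token to host label {company_domain!r}")
    # Assumed rule, based on the page's example URL: only /api/ paths, no header injection.
    if not path.startswith("/api/") or "\r" in path or "\n" in path:
        raise ValueError("path must start with /api/ and contain no line breaks")
    if token.is_expired(now):
        raise PermissionError(f"access token {redact(token.access_token)} expired; refresh first")
    req = urllib.request.Request(f"https://{domain}.pipedrive.com{path}", method="GET")
    req.add_header("Authorization", f"Bearer {token.access_token}")
    return req


if __name__ == "__main__":
    # Constructed sample: the page's example token with a made-up expiry one hour ahead.
    tok = Token("53289:1050268:4ae2dd99663e3a8e3bd04ba5d89a21850d6fa52d", time.time() + 3600)
    req = build_request("acme", "/api/v1/deals", tok)
    print(req.get_method(), req.full_url, "token", redact(tok.access_token))
```

The request is only constructed, never sent, so the guard can be exercised offline before wiring it to a real HTTP call.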