OAuth 2.0 overview
The recommended authorization protocol for all public apps available in the Pipedrive Marketplace is the industry-standard OAuth 2.0 protocol. OAuth 2.0 allows apps to have granular access to user's data and provide a secure, yet easy-to-use connection between the app and Pipedrive.
Using OAuth 2.0 authorization provides a way for all requests you make to Pipedrive API to be authorized by a user. A Pipedrive user must grant access to their data for the app. As proof of this grant, every request to our API must contain a valid access_token
. Every access_token
is bound to:
- the Pipedrive user who granted the access;
- the company of the user (if a user is connected to multiple accounts, then it’s dependent on the company they’re logged into when authorizing the app);
- the 3rd party app which asked for this access;
- a set of permissions that will be allowed;
- an expiration date.
In order to get access to the user's data for your app, the app must be registered in the Pipedrive Marketplace from where the app installation (i.e. access-granting) process can be started.
See our OAuth authorization for a step-by-step guide to getting OAuth 2.0 implemented to your app.
Steps to take to get the access_token
- Have a Developer Sandbox account.
- Register your app in Marketplace Manager to get the
client_id
,client_secret
and to choose the scopes. - Implement the OAuth 2.0 protocol by following our guide for OAuth authorization.
Now you should have the access_token
and refresh_token
necessary for making requests to Pipedrive's API.
How to authenticate the requests?
All requests to the API should be authenticated with the access_token
by providing its value in the Authorization header:
GET https://{COMPANYDOMAIN}.pipedrive.com/api/v1/deals -H 'Authorization: Bearer 53289:1050268:4ae2dd99663e3a8e3bd04ba5d89a21850d6fa52d'
Updated 7 months ago