Breaking change in POST /deals and PUT /deals/{id} endpoints

Endpoints directly affected:

• POST /deals
• PUT /deals/{id}

What will change?

In Pipedrive, admin users can set visibility groups and permission sets. Visibility groups are used to categorize users and dictate what entity they will be allowed to see. Permission sets dictate what actions the users in the account are able to perform. To see and set the visibility group of the entity through the API we have the visible_to parameter.

If one tries to set the wrong visible_to value when requesting POST /organizations, PUT /organizations/{id}, POST /persons or PUT /persons/{id} endpoints, they will get the 403 response code. We’re adding that same additional validation to POST /deals and PUT /deals/{id} endpoints.

Why?

POST /deals and PUT /deals/{id} endpoints don't currently return an error if an incorrect value is given to visible_to parameter, instead the request is shown to be successful and it will ignore the data sent by the user.

Who is affected?

This change affects only non-admin type of users who belong to a permission set where the permission Can change visibility of items is turned off.

Published on October 13, 2020