Using OAuth 2.0 is necessary for developing apps that are available in the Pipedrive Marketplace. Authorization via OAuth 2.0 is a well-known and stable way to get fine-grained access to an API. To retrieve OAuth2 tokens, send requests to the https://oauth.pipedrive.com domain. After registering the app, you must add the necessary server-side logic to your app to establish the OAuth flow. Please read more about the authorization step on the Pipedrive Developers page.
After the customer has confirmed the app installation, you will need to exchange the authorization_code for a pair of access and refresh tokens. Using an access token, you can access the user's data through the API.
/oauth/token
Authorization (string, required): Base64-encoded string containing the client_id and client_secret values. The header value should be Basic <base64(client_id:client_secret)>.
application/x-www-form-urlencoded
grant_type (string): Since you are trying to exchange an authorization code for a pair of tokens, you must use the value "authorization_code". Default: authorization_code. Values: authorization_code, refresh_token.
code (string): The authorization code that you received after the user confirmed app installation.
redirect_uri (string): The callback URL you provided when you registered your app.
OK
The access_token has a lifetime. After the period of time returned to you in the expires_in JSON property, the access_token will be invalid, and you can no longer use it to get data from our API. To refresh the access_token, you must use the refresh_token.
/oauth/token
Authorization (string, required): Base64-encoded string containing the client_id and client_secret values. The header value should be Basic <base64(client_id:client_secret)>.
application/x-www-form-urlencoded
grant_type (string): Since you are refreshing your access_token, you must use the value "refresh_token". Default: refresh_token. Values: authorization_code, refresh_token.
refresh_token (string): The refresh token that you received after you exchanged the authorization code.
OK
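The two /oauth/token requests described above, built but not sent, as an added example that is not Pipedrive's own code. The function names and the 60-second refresh margin are assumptions; the POST method and expires_in being a number of seconds follow RFC 6749.

```python
import base64
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://oauth.pipedrive.com/oauth/token"

# Fields each grant_type must carry in the form body, per the tables above.
REQUIRED = {"authorization_code": ("code", "redirect_uri"),
            "refresh_token": ("refresh_token",)}


def basic_auth_header(client_id, client_secret):
    """Build the header value: Basic <base64(client_id:client_secret)>."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret, grant_type, **fields):
    """Return an unsent request for /oauth/token (hypothetical helper)."""
    if grant_type not in REQUIRED:
        raise ValueError(f"unsupported grant_type: {grant_type}")
    missing = [k for k in REQUIRED[grant_type] if not fields.get(k)]
    if missing:
        raise ValueError(f"missing fields for {grant_type}: {missing}")
    body = {"grant_type": grant_type}
    body.update({k: fields[k] for k in REQUIRED[grant_type]})
    return urllib.request.Request(
        TOKEN_URL,
        data=urllib.parse.urlencode(body).encode("ascii"),
        headers={"Authorization": basic_auth_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"},
        method="POST",  # RFC 6749 requires POST at the token endpoint
    )


def expires_at(token_response, now=None, skew=60):
    """Convert expires_in (seconds) into an absolute refresh deadline.

    skew is an assumed safety margin so the refresh happens before expiry.
    """
    now = time.time() if now is None else now
    return now + int(token_response["expires_in"]) - skew


def needs_refresh(deadline, now=None):
    """True once the deadline from expires_at() has been reached."""
    return (time.time() if now is None else now) >= deadline
```

Build these requests only on your server, since the Authorization header carries the client_secret; pass the result to urllib.request.urlopen to send it.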