Api token vs oauth

I am looking into integrating Pipedrives CRM with a website for a client of mine, and I could use some guidance from you please.

Essentially they have a website with a few forms on it (“contact us” that sort of thing) and they want to integrate the forms with Pipedrive - so when a user submits the form, they want to use the API to post that data over and save that data into the CRM.

The question I have though, is I am not sure if I need to use Oauth for this. I’m not sure using the api token in the post request is very safe, but all documentation regarding oauth seems to revolve around setting up an actual market place app. From my understanding, I dont need a market place app in this instance. But I’m not 100% sure of that.

Would you suggest its best to set up a market place app for this simple integration; or will using the api token be safe enough?

Thanks!

Hi @keren

As you’ve stated, using Oauth does of course grant you more security as you won’t be exposing the API token at all, but it does depend on how much work you want to put in.

If you decide to go with OAuth, you don’t have to actually publish the app in the Marketplace, you can choose to keep it private.

hey @keren

You should never expose your api token.

So, even if you use the api token, you should only use it for server to server requests.

In your case - if I understand correctly - the form should post data to your server, and then your server could use the api token to send data to Pipedrive.