While I am on the way to submit an app the the marketplace, I face 2 issues/questions.
My integration is developed on the third party software side, in the Pipedrive app, i just need to be able for each organisation using the app, to grab API credentials + setup the Callback URL.
This app will have to be setuped by each organization that wants to use it. On the app, each org will have to grab its own API key + setup its own Callback URL (depending on their third party app they want to connect). My question is: this information (API key + Callback URL) are variables? When I try to submit to review the app, it looks like “locked” values. Each org. should have its own right?
When I try to send it to review, I have an error on callback URL. While this callback URL has a correct format. Nevertheless, the callback is a fake callback URL, because as explained in point 1, it will differ for each user (organisation).
Hi @Norman_Pracht
Welcome to the community
Could you clarify a few things?
Can you share an example so that I can understand it better? (Does organization represent a Pipedrive company? What API credentials are we talking about - API token, Access Token, other?)
From the perspective of Pipedrive, any user who wishes to use the app has to install it. The callback URL receives the credentials for that user in the account, which gives you access to the company’s data. You need to store these tokens based on the account details which gives you the ability to work with multiple accounts.
Can you share the reason behind why different callback URLs are required for organizations?
An organization mean a Pipedrive account hold by an organisation (it can have several users).
I talk about API credentials generated by the app people can create (or take) from marketplace. It is a couple: Public and private keys. This is for non developers and given from UI when you grab API credentials:
Each Pipedrive customer that want to install this plugin will have to create its own API key right ? So I don’t understand why when i try to submit the App it already have credentials displayed.
Each Pipedrive customer, has a different Mautic (this is the app we want to offer a sync. with for free) account, so each Pipedrive customer will have a different Callback URL to setup in the app taken from Marketplace
Thanks for sharing the details What you see in the picture is the set of credentials from the perspective of a Pipedrive App. Users who authorize this app will receive an access token and refresh token. You would need the access token to make API calls pertaining to that organization and user.
I might not fully understand your perspective here, so help me out.
Each Pipedrive user in a company has their access token generated.
The credentials you see under OAuth and Access scopes correspond to the app and not to the user. This would be the key difference. In order for you to have the access token pertaining to the user, you need them to authorize and make them go through the OAuth flow
When they successfully authorize, you will receive all the necessary details (tokens, account details) - you can store this in your database to differentiate between customers. That’s why you need only one callback URL
For instance in the flow depicted below, there can be different resource owners (users / organizations) but there is only one client (the app and callback URL). Once you successfully store the account details and tokens, you can successfully handle multiple users simultaneously.
I think we don’t understand each other, probably i explain myself wrongly.
Customer A has the a.pipedrive.com account (with user A1 and A2). He also have a Mautic account (open source project I want to publish public app on marketplace). He has its own Mautic account on mautic.a.com
Customer B has the b.pipedrive.com account (with user B1 and B2). He has its own Mautic account on mautic.b.com
My understanding is on installation:
Customer A want to install app on Pipedrive marketplace, so he enable the app, and grab API credentials (they’ll use it in their mautic account) and setup mautic.a.com/pipedrive/callback in app.
Customer B want to install app on Pipedrive marketplace, so he enable the app, and grab API credentials and setup mautic.b.com/pipedrive/callback in app.
My understanding is it should be:
Customer A and B have different API credentials.
Customer A and B can set different callback URL
Am i good ?
Also my second question which is an issue. When i try to submit the app to review, i have error:
Hi @Norman_Pracht
Thanks for being patient and for explaining this in detail. Can you confirm the following details?
Are you referring to this tool - https://www.mautic.org/ ? They seem to have a REST API but do they also let you create OAuth Apps similar to Pipedrive?
Let’s say you have a public app that integrates Pipedrive with Mautic, there would be no need for the customer to copy any credentials (if its an OAuth app). All they need to do is to authorize
Assuming that you want to build this bi-directional integration, this is how it looks on a high level.
In your Pipedrive developer account, you create an OAuth app that has the required scope information and callback URL pointing to your app server/middleware. Let’s assume that it will be a public app.
The App server contains the business logic and can access the data of multiple (Customer) Pipedrive Accounts if the respective customer authorizes it during installation. The Callback URL that should be provided should be that of your app server/middleware and not that of Mautic (unless Mautic can directly handle authorization with Pipedrive)
The App server/middleware is the true heart of the integration. It should be able to authorize with Pipedrive and have a way to authorize with Mautic. This logic is entirely up to the developer who implements it. It is also expected to be multi-tenant - meaning it should be able to discern between Customer A and B through access tokens, account details and session information.
As I mentioned earlier, if the app is installed via Pipedrive marketplace, the app / middleware receives credentials pertaining to customer’s Pipedrive account. After installation, you need to authorize separately or have a way to accept Mautic credentials for that customer account so that the mapping is maintained.
Once the app has authorization, it can access the PD Customer A and Mautic account data with the respective credentials. The responsibility is on the developer side to safely handle the credentials.
Do you already have an app server/middleware that handles this bi-directional integration? Sometimes it could be iPaaS tools like Zapier / Make. Can you help me with this info?
