Creating new webhooks through API

I’ve been trying to create a new webhook using the API with this:
https://developers.pipedrive.com/docs/api/v1/Webhooks#addWebhook

The app I have doesn’t have the ‘admin’ scope, and reading here:

it looks like it’s required.

My question is why is an admin scope required, when I already have access to the data the webhooks are accessing?

Hi @Petre_Raynov

As Webhooks can be triggered for actions performed by different users (meaning different data), such permission requires admin attention.

@mykhailo I’m sorry, I still don’t understand how this answers my question. It’s my understanding that the actions allowed to be tracked are decided by the user_id field (or the user the auth token is linked to if left blank). So if the user has access to the actions, I’m failing to see why other users are part of the consideration.

To clarify, why can my account (non-admin) make a webhook manually, but not the exact same one through an API?

To clarify, why can my account (non-admin) make a webhook manually, but not the exact same one through an API?

You still can create a webhook via API with api_token (your personal token). But, if you’re using an access token (token from an app) your app should have an admin scope in order to call this endpoint.

1 Like

So there’s no other option than to poll regularly for any changes without adding an admin scope?

Also if my understanding is good, what you said isn’t quite correct: Scopes and permission explanations

In short: even if I asked for the admin scope, my non-admin account cannot grant it. Thus it still cannot create a webhook through the API, even though I have sufficient permission to do so on the website.

If you have an app that requires an admin scope, and a non-admin user installs it, your app will be able to call POST /webhooks, GET /webhooks, DELETE /webhooks on behalf of the user who installed it.

The page you linked me to is talking about creating webhooks through the pipedrive website.

Also the docs directly contradict the idea that a non-admin can create webhooks through my app:

The admin scope requires the user who is installing an app (from the Pipedrive’s Marketplace), to have admin rights within the company. As the Marketplace doesn’t restrict non-admin users from installing apps, your app will need to be able to handle users without admin rights installing the app, when the admin scope is required.
https://pipedrive.readme.io/docs/marketplace-scopes-and-permissions-explanations#section-permission-set-effect-on-admin-scope

Creating App-Specific Webhooks
Webhooks can be created via our API by making a POST request to the /webhooks endpoint. The created webhooks are not visible in the Pipedrive web app’s UI. To be able to use these webhook endpoints, your app needs to have the “admin” scope. You can read more about scopes here.
https://pipedrive.readme.io/docs/webhooks-for-apps#section-creating-app-specific-webhooks

Correct me if I’m wrong, but this means that my app needs the admin scope to use the webhook API. Additionally, the user needs to be an admin, otherwise the admin scope will not be granted.

Therefore a non-admin cannot create a webhook through my app, even though they can do so manually.

true

additionally the user needs to be an admin, otherwise the admin scope will not be granted.

false, scope will be granted, so an app can try to call endpoints that are under the admin scope, but not all of the “admin endpoints” will respond with success.

As the Marketplace doesn’t restrict non-admin users from installing apps, your app will need to be able to handle users without admin rights installing the app, when the admin scope is required.

Let’s say your app does two things, create webhooks and pipelines in Pipedrive. When a non-admin user installs an app that requires admin scope, there is a warning message

After an app exchanges the one-time code for an access token, the response will include the admin scope, so the app can call endpoints under that scope.


It means that a non-admin user will be able to use only the webhooks part of your app, but the admin can use it fully.

Hope it clarified things a bit.

2 Likes
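The behaviour described in the answer above (the admin scope is present in the token response, yet individual endpoints under it can still refuse a non-admin installer) suggests checking permission per call rather than per scope. The following is an added example, not part of the original thread and not Pipedrive's code; `fake_api`, the `scope` string format, the status codes and the feature names are assumptions made for illustration.

```python
# Added example. fake_api is a constructed stand-in, not Pipedrive's API client.
from dataclasses import dataclass, field

FEATURES = {"webhooks": ("POST", "/webhooks"), "pipelines": ("POST", "/pipelines")}

@dataclass
class Installation:
    granted_scopes: set
    unavailable: set = field(default_factory=set)  # features refused at call time

def parse_scopes(token_response):
    # Assumption: "scope" is one string of names separated by commas or spaces.
    return set(token_response.get("scope", "").replace(",", " ").split())

def fake_api(installer_is_admin):
    # Constructed to mirror the thread: webhooks work for any installer,
    # pipelines only for admins. Status codes 201/403/404 are assumptions.
    def send(method, path):
        if (method, path) == FEATURES["webhooks"]:
            return 201
        if (method, path) == FEATURES["pipelines"]:
            return 201 if installer_is_admin else 403
        return 404
    return send

def call_feature(install, feature, send):
    """Return (ok, reason); a refusal disables the feature instead of raising."""
    if "admin" not in install.granted_scopes:
        return False, "scope-not-granted"      # do not even send the request
    status = send(*FEATURES[feature])
    if status == 403:
        install.unavailable.add(feature)       # remember it; stop retrying
        return False, "installer-lacks-permission"
    if not 200 <= status < 300:
        return False, f"http-{status}"
    return True, "ok"

def try_features(token_response, installer_is_admin):
    install = Installation(parse_scopes(token_response))
    send = fake_api(installer_is_admin)
    results = {name: call_feature(install, name, send) for name in FEATURES}
    return install, results

if __name__ == "__main__":
    token = {"scope": "base,admin"}            # constructed token response
    for is_admin in (False, True):
        install, results = try_features(token, is_admin)
        print(is_admin, results, sorted(install.unavailable))
```

Recording the refused feature per installation lets the app hide that part of its UI for the non-admin installer while keeping the webhook integration active.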

Thanks for your patience on this. I didn’t realise you still needed the other scopes alongside the admin scope, for the admin scope to be utilised fully.

I am still hesitant to add this scope, even though I now understand it alone doesn’t grant my app any real admin permissions. Given the description on the OAuth page [“Allows to do many things an administrator can do in Pipedrive…”], it doesn’t really communicate this well to the end user.

Thank you again for clearing this up though

1 Like