Creating new webhooks through API

I’ve been trying to create a new web hook using the API with this:
https://developers.pipedrive.com/docs/api/v1/Webhooks#addWebhook

The app I have doesn’t have the ‘admin’ scope, and reading here:

it looks like it’s required.

My question is why is an admin scope required, when I already have access to the data the webhooks are accessing?

Hi @Petre_Raynov

As Webhooks can be triggered for actions performed by different users (meaning different data), such permission requires admin attention.

@mykhailo I’m sorry I still don’t understand how this answers my question. It’s my understanding that the actions allow to be tracked are decided by the user_id field (or the user the auth token is link to if left blank). So if the user has access to the actions, I’m failing to see why other users are part of the consideration.

To clarify, why can my account (non-admin) make a webhook manually, but not the exact same one through an api

To clarify, why can my account (non-admin) make a webhook manually, but not the exact same one through an api

You still can create a webhook via API with api_token (your personal token). But, if you’re using an access token (token from an app) your app should have an admin scope in order to call this endpoint.

1 Like

So there’s no other option than to poll regularly for any changes without adding an admin scope?

Also if my understanding is good, what you said isn’t quite correct: Scopes and permission explanations

In short: Even if I asked for admin scope my account non-admin account cannot not grant it. Thus it still cannot create a webhook through the api, even though I have sufficient permission to do so on the website

If you have an app that requires an admin scope, and non-admin user installs it, your app will be able to call POST /webooks GET/webhooks, DELETE /webhooks on behalf of a user who installed it

  • Regular users can create/delete webhooks but only under their own Permission level.
    Guide for Webhooks

The page you linked me to is talking about creating webhooks through the pipedrive website.

Also the docs directly contradict the idea that a non-admin can create webhooks through my app:

The admin scope requires the user who is installing an app (from the Pipedrive’s Marketplace), to have admin rights within the company. As the Marketplace doesn’t restrict non-admin users from installing apps, your app will need to be able to handle users without admin rights installing the app, when the admin scope is required.
Scopes and permission explanations

Creating App-Specific Webhooks
Webhooks can be created via our API by making a POST request to the /webhooks endpoint. The created webhooks are not visible in the Pipedrive web app’s UI. To be able to use these webhook endpoints, your app needs to have the “admin” scope . You can read more about scopes here.
Webhooks for apps

Correct me if I’m wrong, but this means that my app needs the admin scope to use the webhook api. additionally the user needs to be an admin, otherwise the admin scope will not be granted.

Therefore a non-admin can not create a webhook through my app, even though they can do so manually

true

additionally the user needs to be an admin, otherwise the admin scope will not be granted.

false, scope will be granted, so an app can try to call endpoints that are under the admin scope, but not all of the “admin endpoints” will respond with success.

As the Marketplace doesn’t restrict non-admin users from installing apps, your app will need to be able to handle users without admin rights installing the app, when the admin scope is required.

Let’s say your app does two things, create webhooks and pipelines in Pipedrive. When a non-admin user installs an app that requires admin scope, there is a warning message

after an app exchange on time code to access token, a response will include admin scope, so an app can call endpoints under that scope.

Screenshot 2021-08-26 at 13.18.46

It means that a non-admin user will be able to use only the webhooks part of your app, but the admin can use it fully.

Hope it clarified things a bit.

2 Likes

Thank for your patience on this. I didn’t realise you still needed the other scopes along side the admin scope, for the admin scope to be utilised fully.

I am still hesitant to add this scope, even though I now understand it alone doesn’t grant my app any real admin permissions, given the description on the OAuth page [“Allows to do many things an administrator can do in Pipedrive…”] , it doesn’t really communicate this well with the end user

Thank you again for clearing this up though

1 Like