Error 401 unauthorized with pipedrive cookie

I’m using the oauth enpoint on api-proxy.pipedrive.com and I’m getting error 401 with the message unauthorized access if a cookie containing session-token and o-auth infos from pipedrive is used in the request.
If I manually remove the cookie from the requests they work. As soon as this cookie (which is set by pipedrive when I log in to authorize my app) is passed into the request the requests fail with the mentioned error. I can’t stop my app from passing in the cookie after it was set at login to pipedrive.
Could you help me find out why the pipedrive api is responding with 401 when this cookie is used?

Hi @DavidMsnap,

Requests to api-proxy shouldn’t include cookies (so this would give you problems). As our internal router decides if a request is valid or not, having requests with both the Access Token and Session won’t allow it to be verified correctly.

@David I know that I don’t need to send cookies but this is a browser side application. The browser sends the cookie with the requests as the api has the same domain as the login page.
Considering this your advice of not sending them is not really working in my case.
In my opinion this is more of a bug in your internal router than in my implementation given my constraints.
Can you help me in any other way?

Unfortunately I can’t provide any direct help with this, but instead to suggest that you use a backend service to deliver the Pipedrive API requests and the frontend should then be communicating with the backend.

We specifically recommend not building FrontEnd only apps client_id and client_secret could be potentially visible to everyone.