How to authenticate when coming from External webhook request

Hi again!

I asked this question in the API section with no luck in response. I’m hoping someone can come with an idea here.

I’m building an app where I send files and retrieve their status via an external webhook. Depending on the status I want to create a new file in Pipedrive. The only problem is how do I authenticate with Pipedrive in my app when coming from an external webhook call? Can you use a superuser or something like that in Pipedrive? Other idéas?

External webhook call -> my app -> new file in Pipedrive

Best Regard,

Hi @Vidar

In order to call Pipedrive API (create a new file), you could use your own API token (if you’re building an app for yourself), or use OAuth 2.0 provided for Pipedrive’s Marketplace apps (if you’re building an app for any Pipedrive user). More about that here.

Hi @mykhailo

I’m using the OAuth2 and when I’m logged in I can create the file. But then when my external API sends me a webhook I need a way to login the user in the backend, to create this file. I guess I need to pass the access token along somehow?

You need to save access_token (to use for API calls) refresh_token (to update access_token) once a Pipedrive user granted permissions (more here)

In short (by the example of my test app):

After that, a vendor gets a one-time code in redirect URL specified in the app detail and uses that code to get the access token/refresh token (installing the app)

If all details are correct, the response will include access_token and refresh_token (per Pipedrive user/ company) so the vendor can save tokens in DB for future use.

access_token - is used for Pipedrive API calls and is valid for 5 min, after that you need to refresh it with the refresh token

refresh_token - is used for refreshing access_token and uninstalling the app.

1 Like

Aha ok as I suspected. Now it’s more clearer thanks!

Best Regards,
Vidar Asp Johansson.