JSON Panel App Extension. What's the use of the "token" parameter in the API Endpoint call?

I’ve created an App and a JSON Panel App Extension. This panel includes info from our data warehouse in Pipedrive.

I’m storing the user access_token and refresh_token I got in the OAuth2 dance in a server side database.

When the Panel is drawn on the screen, Pipedrive makes a HTTP request to the API Endpoint that includes the expected parameters in the query string (according to the documentation, resource, selectedIds, userId, companyId) and an unexpected parameter: token.

This is an example request, with some details hidden:


I’m not sure what’s this token for.
I’ve tried using it as the access_token for the API, but I’m getting an error.

I would like to clarify this because I’m not sure if I understand the process correctly.


Hi @Martin_Sarsale,

Welcome to our Developers’ Community! :wave:

The token parameter in the URL is not for making any API requests. It’s there to help verify that the request came from a specific user/company in Pipedrive. Otherwise, anyone who knows the panel request URL could make requests on behalf of other users/companies.

The token can be decoded with either the panel’s JWT secret. Or if that’s not specified, then the client_secret.

I hope this helps? Please let us know if you have further questions.

Thanks. This is gold; I think this should be added to the documentation.

1 Like

This topic was automatically closed after 10 days. New replies are no longer allowed.