JSON Panel App Extension. What's the use of the "token" parameter in the API Endpoint call?

I’ve created an App and a JSON Panel App Extension. This panel includes info from our data warehouse in Pipedrive.

I’m storing the user access_token and refresh_token I got in the OAuth2 dance in a server side database.

When the Panel is drawn on the screen, Pipedrive makes an HTTP request to the API Endpoint that includes the expected parameters in the query string (according to the documentation, resource, selectedIds, userId, companyId) and an unexpected parameter: token.

This is an example request, with some details hidden:

https://XXXXXX.a.run.app/auction?resource=deal&view=details&userId=191XXX352&companyId=13XXX37&selectedIds=5351&isShared=false&token=eyJhbGciOXXXXXXXXXXXXXXXXXXXXXZOzM

I’m not sure what this token is for.
I’ve tried using it as the access_token for the API, but I’m getting an error.

I would like to clarify this because I’m not sure if I understand the process correctly.

Thanks

Hi @Martin_Sarsale,

Welcome to our Developers’ Community! :wave:

The token parameter in the URL is not for making any API requests. It’s there to help verify that the request came from a specific user/company in Pipedrive. Otherwise, anyone who knows the panel request URL could make requests on behalf of other users/companies.

The token can be decoded with either the panel’s JWT secret or, if that’s not specified, the client_secret.

I hope this helps? Please let us know if you have further questions.
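
Added example (not part of the original reply, and not Pipedrive's code): one way a panel endpoint could check the token before returning data, rejecting requests whose signature or query parameters do not match. It assumes the token is an HS256-signed JWT and that its payload carries claims named userId and companyId; the algorithm, the claim names and the sample secret are assumptions, so decode a real token once to confirm them.

```python
import base64, hashlib, hmac, json, time

def _b64d(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_panel_token(token, secret, now=None):
    """Return the claims if the HS256 signature checks out, else raise ValueError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(header_b64))
        signature = _b64d(sig_b64)
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side (assumed HS256); never trust the header's choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64d(payload_b64))
    if not isinstance(claims, dict):
        raise ValueError("malformed claims")
    exp = claims.get("exp")  # standard JWT expiry claim, checked only if present
    now = time.time() if now is None else now
    if exp is not None and (not isinstance(exp, (int, float)) or exp < now):
        raise ValueError("token expired")
    return claims

def request_matches_claims(query, claims, mapping):
    # mapping: query parameter -> claim name. The claim names are assumptions.
    return all(p in query and c in claims and str(query[p]) == str(claims[c])
               for p, c in mapping.items())

def make_constructed_token(claims, secret, alg="HS256"):
    # Builds a constructed sample token so the example runs offline.
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

if __name__ == "__main__":
    secret = "constructed-panel-jwt-secret"  # stands in for the JWT secret / client_secret
    query = {"userId": "101", "companyId": "202"}
    query["token"] = make_constructed_token({"userId": 101, "companyId": 202}, secret)
    claims = verify_panel_token(query["token"], secret)
    print(request_matches_claims(query, claims, {"userId": "userId", "companyId": "companyId"}))
```

Comparing the verified claims with the userId and companyId in the query string is what stops someone who knows the panel URL from swapping in another user's or company's identifiers.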

Thanks. This is gold; I think this should be added to the documentation.

This topic was automatically closed after 10 days. New replies are no longer allowed.