leadFields Method return (403) Forbidden using OAuth authentication

Hi, I am an integrator and I am trying to use OAuth and stop using the APITOKEN as the authentication method. But when I try to use the /leadFields?start=0&limit=100 method it returns a 403 Forbidden error with the following JSON.
{"success":false,"error":"Scope and URL mismatch","errorCode":403,"error_info":"Please check developers.pipedrive.com"}

The following are the scopes that I have configured in my application

{
"access_token":"----",
"token_type":"Bearer",
"expires_in":3599,
"refresh_token":"----",
"scope":"base,deals:full,mail:full,activities:full,contacts:full,products:full,users:read,recents:read,search:read,admin,leads:full",
"api_domain":"https://craig-sandbox3.pipedrive.com"
}

Reviewing your Scopes and Permissions page I can’t find the leadFields method in the list, and I want to know what I can do to use OAuth authentication and still use the leadFields method.

I hope someone can help me to solve my problem.
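As an added illustration (not code from the thread or from Pipedrive), the client-side handling that the report above calls for: parse the granted scope string from the token response, check that a leads scope is present, and classify a 403 carrying "Scope and URL mismatch" separately from an expired token or an ordinary permission denial, so the failure is logged as a server-side scope/URL mapping problem rather than silently retried or treated as bad credentials. The function names, the injectable `fetcher`, the `/api/v1/leadFields` path prefix and the assumption that `leads:read`/`leads:full` should cover this endpoint are mine, not the thread's.

```python
import json
import urllib.error
import urllib.request
# Constructed from the token response quoted in the thread (secrets omitted).
TOKEN_RESPONSE = {
    "token_type": "Bearer",
    "scope": "base,deals:full,mail:full,activities:full,contacts:full,products:full,"
             "users:read,recents:read,search:read,admin,leads:full",
    "api_domain": "https://craig-sandbox3.pipedrive.com",
}
# Constructed: the 403 body the thread reports for /leadFields under OAuth.
SCOPE_MISMATCH_BODY = (b'{"success":false,"error":"Scope and URL mismatch",'
                       b'"errorCode":403,"error_info":"Please check developers.pipedrive.com"}')

def granted_scopes(token_response):
    """Turn the comma-separated scope string into a set for least-privilege checks."""
    return {s.strip() for s in token_response.get("scope", "").split(",") if s.strip()}

def has_leads_scope(scopes):
    """Assumption: leads:read or leads:full should cover reading lead fields."""
    return bool(scopes & {"leads:read", "leads:full"})

def classify_response(status, body):
    """Separate the server-side 'Scope and URL mismatch' 403 from 401 and plain 403."""
    if status == 200:
        return "ok"
    if status == 401:
        return "token_invalid_or_expired"
    if status == 403:
        try:
            err = json.loads(body.decode("utf-8")).get("error", "")
        except (ValueError, UnicodeDecodeError, AttributeError):
            err = ""
        return "scope_url_mismatch" if err == "Scope and URL mismatch" else "forbidden"
    return "http_%d" % status

def _urllib_fetch(url, headers):
    # Real transport: returns (status, body) and keeps the error body on HTTPError.
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()

def fetch_lead_fields(token_response, access_token, fetcher=_urllib_fetch):
    """GET leadFields on the token's api_domain; fetcher(url, headers) -> (status, body)."""
    url = token_response["api_domain"].rstrip("/") + "/api/v1/leadFields?start=0&limit=100"
    headers = {"Authorization": "Bearer " + access_token, "Accept": "application/json"}
    status, body = fetcher(url, headers)
    return classify_response(status, body), body
```

Pass a stub `fetcher` to exercise the classification offline; with the default transport the call goes to the account's `api_domain`.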

Hi @Rodrigo_Traverso
Thanks for bringing this to our attention. I could replicate this issue from my end, and it only seems to work with API Key based access (and only when an account-specific API endpoint is called - https://[account].pipedrive.com/api/v1/leadField)

I understand this is a potential bug that needs to be addressed, and I will forward it to engineering. Can you share the use case that is dependent on this endpoint? It helps to prioritize the fix :slight_smile:

Thank you very much for the answer. Several of our customers have asked us, for security reasons, that our integration software use OAuth instead of the API key, but in our tests we got that error with the Lead object.
Also, our Pipedrive customers expect custom fields to be discovered and usable in their integration. In order for us to recognize all lead fields, including custom ones, we depend on this endpoint to discover the custom fields. In short, without this endpoint functioning in OAuth mode, our connection to Pipedrive cannot function according to customer expectations. In the short term we are requiring customers to use API key mode, but this is not a good long-term solution.

If you need more specific details, I will gladly send them to you.
I would also like to know if there is a workaround for this issue.

Hi Hem, do you have a ticket number or some way we can follow up on this issue?

Hi @Rodrigo_Traverso
Sorry for the delay, and thanks for adding the use case. Unfortunately, this endpoint is not documented at the moment, and as you mentioned, there is a discrepancy in its behavior. On the bright side, I raised this topic internally and discussed it with engineering. Currently, it is a task that is marked in the backlog (Reference: EXP-117 - can be highlighted in future support cases)

I would recommend staying tuned to the changelog for information related to the improvements done to the relevant endpoint :slight_smile:

According to the Pipedrive doc: "The recommended authorization protocol for all public apps available in the Pipedrive Marketplace is the industry-standard OAuth 2.0 protocol. OAuth 2.0 allows apps granular access to users’ data and provides a secure and easy-to-use connection between the app and Pipedrive."

We certainly agree that OAuth is a vastly better experience and more secure for our mutual customers whom we help integrate their Pipedrive instances. However, we cannot use OAuth while the endpoint has the reported bug, as they would lose the ability to integrate their custom fields. Has there been any progress on EXP-117? It seems like it would be a 1 or 2 line fix to the code to respect OAuth authentication, similar to other endpoints.

Hi @calford-vertify,

The task has been postponed for a while. A new approach for fields is in progress, and a new set of endpoints to access fields will be released. There is no ETA though.