leadFields Method return (403) Forbidden using Ouath authentication

Rodrigo_Traverso · June 22, 2023, 9:07pm

Hi, I am an integrator and I am trying to use OAuth and stop using the APITOKEN as authentication method. But when I try to use the /leadFields?start=0&limit=100 method it returns 403 Forbidden error with the following JSON.
{"success":false,"error":"Scope and URL mismatch","errorCode":403,"error_info":"Please check developers.pipedrive.com"}

The following are the scopes that I have configured in my application

{
"access_token":"----",
"token_type":"Bearer",
"expires_in":3599,
"refresh_token":"----",
"scope":"base,deals:full,mail:full,activities:full,contacts:full,products:full,users:read,recents:read,search:read,admin,leads:full",
"api_domain":"https://craig-sandbox3.pipedrive.com"
}

Reviewing your Scopes and Permissions page I can’t find in the list the leadFields method and I want to know what I can do to use the Oauth authentication and use the leadFields method.

I hope someone can help me to solve my problem.

Hem · June 27, 2023, 11:56am

Hi @Rodrigo_Traverso
Thanks for bringing this to our attention. I could replicate this issue from my end, and it only seems to work with API Key based access (and only when an account-specific API endpoint is called - https://[account].pipedrive.com/api/v1/leadField)

I understand this is a potential bug that needs to be addressed, and I will forward it to engineering. Can you share the use case that is dependent on this endpoint? It helps to prioritize the fix

Rodrigo_Traverso · June 27, 2023, 2:18pm

Thank you very much for the answer. We have several customers who asked us for security issues that our integration software will use OAuth instead of Apikey, but in our tests, we got that error with the Lead object.
Also, our Pipedrive customers expect custom fields are discovered and usable in their integration. In order for us to recognize all lead fields including custom ones, we depend on this endpoint to discover the custom fields. In short, without this endpoint functioning in OAuth mode, our connection to Pipedrive cannot function according to customer expectations. In the short-term we are requiring customers to use APIKey mode, but this is not a good long-term solution.

If you need more specific details, I will gladly send them to you.
I would also like to know if there is a workaround for this issue.

Rodrigo_Traverso · July 5, 2023, 2:20pm

Hi Hem, do you have a ticket number or some way we can follow up on this issue?

Hem · July 24, 2023, 2:40pm

Hi @Rodrigo_Traverso
Sorry for the delay, and thanks for adding the use case. Unfortunately, this endpoint is not documented at the moment, and as you mentioned, there is a discrepancy in its behavior. On the bright side, I raised this topic internally and discussed it with engineering. Currently, it is a task that is marked in the backlog (Reference: EXP-117 - can be highlighted in future support cases)

I would recommend staying tuned to the changelog for information related to the improvements done to the relevant endpoint