I have following question: did someone try to add ‘Leads’ to your integration recently and enable ‘Leads’ consent to your app? Whether old tokens, associated with app became invalid in that case?
Let me share more contexts with you.
We have an approved marketplace application Coupler.io. It allows to set up scheduled integration from Pipedrive to Google sheets. We ask user to connect via OAuth flow and then use this connection to fetch data on a schedule basis (refreshing token each time on our own).
Pipedrive released Activities, Calls and Leads API and we extended list of imported entities to support that change. However, in order to fetch them we need to change scopes for our application.
Last time we did that Pipedrive automatically made all old access tokens invalid and all our customers importers stopped working until each user manually opened connection and reconnect to Pipedrive with new consents. As 90% of customers are using scheduled import that caused real troubles for us and all customers.
Usually we are handling that in a different way: all old connection are working, but if user tries to use them to import data, that requires more consents -> we are asking for additional access with standard OAuth flow.
I have asked Pipedrive support for that answer, but they suggested to ask community to get a fast answer.
Thank you in advance for sharing your thoughts and experience.