Authenticating on Pipefy

For authentication regarding Pipefy GraphQL endpoints, you will need an OAuth2 Bearer token generated within the Pipefy platform. A user is considered authenticated once they have a valid Bearer Token.

Today, we have two kinds of authentication: Service Accounts and Personal Access Tokens

Using your token to authenticate

To use your token to authenticate, you need to pass the key Authentication in the request header, with Bearer YOUR_TOKEN as the value.

Within your custom code it is necessary to write manuallyBearer before adding your token, otherwise, Pipefy will not be able to authenticate the user. Be sure to use the Authentication key and see examples of how to send a Bearer token in different languages. Try it and check the response, if you see your user ID and email in the response, it means that you correctly authenticated to Pipefy.

On an API platform, like Postman or Insomnia, it is unnecessary to manually write "Bearer" before your token, as the application will do it for you. Go to the "Authorization" tab, choose "Bearer Token" as the type, and input your token as the value. See below an example of Postman.



To access a resource via API, you need to have the necessary role and permission for this resource. Click here to learn more about Company Roles and Permissions and here to learn more about Pipe Members and permissions.

Click Try It! to start a request and see the response here!