For authentication regarding Pipefy GraphQL endpoints, you will need an OAuth2 Bearer token generated within the Pipefy platform. A user is considered authenticated once they have a valid Bearer Token.
Today, we have two kinds of authentication: Service Accounts and Personal Access Tokens
To use your token to authenticate, you need to pass the key
Authentication in the request header, with
Bearer YOUR_TOKEN as the value.
Within your custom code it is necessary to write manually
Bearer before adding your token, otherwise, Pipefy will not be able to authenticate the user. Be sure to use the
Authentication key and see examples of how to send a Bearer token in different languages. Try it and check the response, if you see your user ID and email in the response, it means that you correctly authenticated to Pipefy.
On an API platform, like Postman or Insomnia, it is unnecessary to manually write "Bearer" before your token, as the application will do it for you. Go to the "Authorization" tab, choose "Bearer Token" as the type, and input your token as the value. See below an example of Postman.