✅ Tokens are short-lived
✅ OAuth clients support scopes, limiting access to specific operations
✅ Limit access to specific Pipedream projects (coming soon!)
Since API requests are meant to be made server-side, and since grants are not tied to individual end users, all OAuth clients are Client Credentials applications.
Creating an OAuth client
- Visit the API settings for your Pipedream workspace.
- Click the New OAuth Client button.
- Name your client and click Create.
- Copy the client secret. It will not be accessible again. Click Close.
- Copy the client ID from the list.
How to get an access token
In the client credentials model, you exchange your OAuth client ID and secret for an access token. Then you use the access token to make API requests. Pipedream offers TypeScript, Python, and Java SDKs, which abstract the process of generating and refreshing fresh access tokens./oauth/token
API endpoint:
Revoking a client secret
- Visit your workspace’s API settings.
- Click the … button to the right of the OAuth client whose secret you want to revoke, then click Rotate client secret.
- Copy the new client secret. It will not be accessible again.