Skip to main content
POST
/
v1
/
connect
/
{project_id}
/
tokens
cURL
curl --request POST \
  --url https://api.pipedream.com/v1/connect/{project_id}/tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-pd-environment: <x-pd-environment>' \
  --data '
{
  "external_user_id": "<string>",
  "allowed_origins": [
    "<string>"
  ],
  "error_redirect_uri": "<string>",
  "expires_in": 123,
  "scope": "<string>",
  "success_redirect_uri": "<string>",
  "webhook_uri": "<string>",
  "allow_progressive_scopes": false
}
'
{
  "connect_link_url": "<string>",
  "expires_at": "2023-11-07T05:31:56Z",
  "token": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://pipedream.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Your app will initiate the account connection flow for your end users in your frontend. To securely scope connection to a specific end user, on your server, you retrieve a short-lived token for that user, and return that token to your frontend. See the Connect tokens docs for more information. When using the Connect API to make requests from a client environment like a browser, you must specify the allowed origins for the token. Otherwise, this field is optional. This is a list of URLs that are allowed to make requests with the token. For example: 
{
  "allowed_origins": ["https://myapp.com"]
}

Authorizations

Authorization
string
header
required

A short-lived OAuth access token for server-side requests. Generate one via the Generate OAuth Token flow or automatically when initializing the SDK client.

Headers

x-pd-environment
enum<string>
required

The environment in which the server client is running

Available options:
development,
production

Path Parameters

project_id
string
required

The project ID, which starts with proj_.

Pattern: ^proj_[a-zA-Z0-9]+$

Body

application/json

Request object for creating a connect token

external_user_id
string
required

Your end user ID, for whom you're creating the token

allowed_origins
string[]

List of allowed origins for CORS

error_redirect_uri
string

URI to redirect to on error

expires_in
integer

Token TTL in seconds (max 14400 = 4 hours). Defaults to 4 hours if not specified.

scope
string

Space-separated scopes to restrict token permissions. Defaults to 'connect:*' if not specified. See https://pipedream.com/docs/connect/api-reference/authentication#connect-token-scopes for more information.

success_redirect_uri
string

URI to redirect to on success

webhook_uri
string

Webhook URI for notifications

allow_progressive_scopes
boolean
default:false

When true, end users may authorize a subset of the app's OAuth scopes; only the app's functional scopes (needed for the post-OAuth test request) are enforced. Defaults to false.

Response

connect token created

Response received after creating a connect token

connect_link_url
string
required

The Connect Link URL

expires_at
string<date-time>
required

The expiration time of the token in ISO 8601 format

token
string
required

An authentication token with a limited lifespan

Pattern: ^ctok_[0-9a-f]{32}$