Skip to main content
POST
/
v1
/
connect
/
{project_id}
/
tokens
cURL
curl --request POST \
  --url https://api.pipedream.com/v1/connect/{project_id}/tokens \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-pd-environment: <x-pd-environment>' \
  --data '
{
  "external_user_id": "<string>",
  "allowed_origins": [
    "<string>"
  ],
  "error_redirect_uri": "<string>",
  "expires_in": 123,
  "scope": "<string>",
  "success_redirect_uri": "<string>",
  "webhook_uri": "<string>",
  "allow_progressive_scopes": false
}
'
import { PipedreamClient } from "@pipedream/sdk";

const client = new PipedreamClient({
  clientId: "YOUR_CLIENT_ID",
  clientSecret: "YOUR_CLIENT_SECRET",
  projectEnvironment: "YOUR_PROJECT_ENVIRONMENT",
  projectId: "YOUR_PROJECT_ID"
});
await client.tokens.create({
  externalUserId: "external_user_id"
});
from pipedream import Pipedream

client = Pipedream(
  project_id="YOUR_PROJECT_ID",
  client_id="YOUR_CLIENT_ID",
  client_secret="YOUR_CLIENT_SECRET",
)
client.tokens.create(
  external_user_id="external_user_id",
)
package com.example.usage;

import com.pipedream.api.BaseClient;
import com.pipedream.api.resources.tokens.requests.CreateTokenOpts;

public class Example {
  public static void main(String[] args) {
  BaseClient client = BaseClient.withCredentials("<clientId>", "<clientSecret>")
    .projectId("YOUR_PROJECT_ID")
    .build()
  ;

  client.tokens().create(
    CreateTokenOpts
    .builder()
    .externalUserId("external_user_id")
    .build()
  );
  }
}
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.pipedream.com/v1/connect/{project_id}/tokens"

	payload := strings.NewReader("{\n  \"external_user_id\": \"<string>\",\n  \"allowed_origins\": [\n    \"<string>\"\n  ],\n  \"error_redirect_uri\": \"<string>\",\n  \"expires_in\": 123,\n  \"scope\": \"<string>\",\n  \"success_redirect_uri\": \"<string>\",\n  \"webhook_uri\": \"<string>\",\n  \"allow_progressive_scopes\": false\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("x-pd-environment", "<x-pd-environment>")
	req.Header.Add("Authorization", "Bearer <token>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
{
  "connect_link_url": "<string>",
  "expires_at": "2023-11-07T05:31:56Z",
  "token": "<string>"
}
{
  "error": "Throttled"
}
Your app will initiate the account connection flow for your end users in your frontend. To securely scope connection to a specific end user, on your server, you retrieve a short-lived token for that user, and return that token to your frontend. See the Connect tokens docs for more information. When using the Connect API to make requests from a client environment like a browser, you must specify the allowed origins for the token. Otherwise, this field is optional. This is a list of URLs that are allowed to make requests with the token. For example:
{
  "allowed_origins": ["https://myapp.com"]
}

Authorizations

Authorization
string
header
required

A short-lived OAuth access token for server-side requests. Generate one via the Generate OAuth Token flow or automatically when initializing the SDK client.

Headers

x-pd-environment
enum<string>
required

The environment in which the server client is running

Available options:
development,
production

Path Parameters

project_id
string
required

The project ID, which starts with proj_.

Pattern: ^proj_[a-zA-Z0-9]+$

Body

application/json

Request object for creating a connect token

external_user_id
string
required

Your end user ID, for whom you're creating the token

allowed_origins
string[]

List of allowed origins for CORS

error_redirect_uri
string

URI to redirect to on error

expires_in
integer

Token TTL in seconds (max 14400 = 4 hours). Defaults to 4 hours if not specified.

scope
string

Space-separated scopes to restrict token permissions. Defaults to 'connect:*' if not specified. See https://pipedream.com/docs/connect/api-reference/authentication#connect-token-scopes for more information.

success_redirect_uri
string

URI to redirect to on success

webhook_uri
string

Webhook URI for notifications

allow_progressive_scopes
boolean
default:false

When true, end users may authorize a subset of the app's OAuth scopes; only the app's functional scopes (needed for the post-OAuth test request) are enforced. Defaults to false.

Response

connect token created

Response received after creating a connect token

The Connect Link URL

expires_at
string<date-time>
required

The expiration time of the token in ISO 8601 format

token
string
required

An authentication token with a limited lifespan

Pattern: ^ctok_[0-9a-f]{32}$