How to use Pipefy's API

Create smarter error-proof workflows with our API

Graziela Sabatini avatar
Written by Graziela Sabatini
Updated over a week ago

Estimated reading time: 5 minutes

If your company's processes depend on other tools besides Pipefy, you can count on our API to optimize your workflow. You can build your own integrations and make requests directly to Pipefy with it.

If this is your first experience with APIs, we recommend taking our basic API and integrations online free course.

We also have more content about this subject at Pipefy Developers and in our Community.

In this article, you will find:

What is an API?

API is an acronym for Application Programming Interface. It works as a connection between software or computers to simplify programming, making a more secure connection since an API only shows the information and actions essential to development.

What is it for?

In general, APIs avoid doing twice the work. You can use it to:

  • Transfer information from one software to another

  • Automate tasks in mass, such as creating cards and updating or deleting data

  • Edit fields in cards

  • Create and edit registers in your database

How to use Pipefy's API

Pipefy's API can integrate internal or third-party systems if they have a public API, and it must accept CORS (Cross-Origin Resource Sharing) requests. This mechanism allows a website to access resources from another one, even if it's a different domain. Learn more here.


GraphQL is a data query and manipulation language for APIs created by Facebook. This is also the name given to the back-end that provides information in GraphQL format. You can use it with other programming languages, like Node, Ruby, or Python.

👉 And here are references about queries, mutations, and more!


To use Pipefy’s API, you have two options: using our Integrated Development Environment (IDE) or making requests to our endpoint:

  • Public IDE or GraphQL playground: used to help with the commands. Mutations and any changes made in this area will reflect on your pipe. It's not possible to create automations or robots in it. In this IDE, it won't be necessary to setup an authorization code since this process is synced with the user authentication in Pipefy app.

  • Endpoint: You can use it to make requests against our API, and build custom integrations that best fit your needs.


You need a token OAuth2 Bearer to authenticate against Pipefy's GraphQL endpoint. Generate one following these steps:

  • Click on Generate new token

  • Give the token a description

  • Click on Save

  • Check on the token whenever it is needed to authenticate it on Pipefy


API permissions reflect the permissions on interface, in other words, if a user has the permission to do something on Pipefy Interface, they will have the permission to do it on the API. For example, if a company member has the permission to create pipes in the organization, they will be able to create pipes using the API, but they will not be able to change other users roles using the API, as members do not have permissions to change roles.

However, we recommend that you build integrations using an Admin or Super Admin user, as they have the higher role and will have the permission to perform all actions that you may need.

APIs calls limits

Each Pipefy's plan has a different limit of APIs calls per month:

  • Starter plan: until 20 API calls per month

  • Business plan: until 500 API calls per month

  • Enterprise plan: until 10.000 API calls per month

  • Unlimited: custom

An API call is a request sent to the server so that it returns with information. For example: search for cards with a certain title in a certain pipe.

Requests limits

  • The number of subsequent queries allowed per unit of time is 500 requests every 30 seconds. If the limit is exceeded, the user will not be able to request the API for 5 minutes.

  • The number of webhooks configurations is based on the process's size and depends on the organization's subscription. We recommend not having more than 30 webhooks for each pipe, but this can vary.

  • Inputs and outputs are primarily based on the size of your process, using predefined queries and mutations. Overall, each request only returns 50 records, requiring the use of paging.

  • The size limit for the attached files is 512MB for each file.

  • For security reasons, the generated file links are only available for 15 minutes.

Related content:

Did this answer your question?