Here's a support thread that plays out constantly in WordPress forums:
"I'm trying to connect Contact Form 7 to Pipedrive. The API token keeps saying it's wrong but it IS correct. I even contacted Pipedrive support and they said the issue is on the plugin side."
The resolution? The user regenerated their Pipedrive API token and everything worked.
That's the fix but it's not the full story. If you're building or maintaining a CF7 → Pipedrive integration, there's a lot more to understand about why tokens go stale, how Pipedrive's auth has evolved, and how to set up the connection correctly so it doesn't break silently again.
Why a "Correct" Pipedrive API Token Gets Rejected
Pipedrive has two authentication systems in play right now, and this is where most confusion originates.
Legacy API Tokens (v1)
Pipedrive's older API (api.pipedrive.com/v1) uses a personal API token a static string you append as a query parameter or pass in a header. You find it under Settings → Personal Preferences → API.
These tokens look correct and are correct but they can silently invalidate under several conditions:
- Password change — changing your Pipedrive account password regenerates the API token
- Company admin revocation — if you're on a team plan, an admin can force-reset credentials
- SSO or SAML changes — switching to SSO on a Pipedrive account invalidates token-based auth
- Inactivity — some Pipedrive plans rotate tokens on extended inactivity
- 2FA enforcement — enabling 2FA on the account can trigger a token refresh
This is exactly what happened in the forum thread. The token was correct when it was copied — then it silently became invalid. The user thought the plugin was broken. The plugin was fine. The token had rotated.
OAuth 2.0 (Pipedrive's current recommendation)
For production integrations, Pipedrive now recommends OAuth 2.0 via their Marketplace app registration. This gives you access tokens + refresh tokens, so your integration survives credential rotation.
For CF7 integrations, most plugin-based approaches still use the legacy API token — which is fine for small sites, as long as you know to check the token when things break.
The Actual Integration Architecture
CF7 itself has no native Pipedrive connection the CF7 plugin author (@takayukister) confirmed this directly in the thread: "There is absolutely no connection between Contact Form 7 and Pipedrive."
You need a bridge. Three options:
Option 1: Dedicated CF7-Pipedrive Plugin
The forum user was using "Integration for Pipedrive and Contact Form 7" a dedicated plugin that maps CF7 fields to Pipedrive objects. It handles the API call internally, you just provide the token and field mapping.
Pros: Quickest setup, no code
Cons: Another plugin dependency, limited to what the plugin exposes
Option 2: Contact Form to API Plugin
Contact Form to API takes a generic approach you configure the Pipedrive API endpoint directly, set your auth header, and map CF7 fields to JSON keys. More flexible, works with any Pipedrive endpoint (Persons, Deals, Leads, Notes, Activities).
Option 3: Custom PHP via wpcf7_before_send_mail
Roll your own with wp_remote_post:
add_action('wpcf7_before_send_mail', function($contact_form) {
if ($contact_form->id() !== YOUR_FORM_ID) return;
$submission = WPCF7_Submission::get_instance();
$posted_data = $submission->get_posted_data();
$api_token = 'YOUR_PIPEDRIVE_API_TOKEN';
// Step 1: Create a Person
$person_response = wp_remote_post(
'https://api.pipedrive.com/v1/persons?api_token=' . $api_token,
[
'headers' => ['Content-Type' => 'application/json'],
'body' => wp_json_encode([
'name' => sanitize_text_field($posted_data['your-name']),
'email' => [sanitize_email($posted_data['your-email'])],
'phone' => [sanitize_text_field($posted_data['your-phone'])],
]),
'timeout' => 15,
]
);
if (is_wp_error($person_response)) {
error_log('Pipedrive Person error: ' . $person_response->get_error_message());
return;
}
$person_data = json_decode(wp_remote_retrieve_body($person_response), true);
$person_id = $person_data['data']['id'] ?? null;
if (!$person_id) return;
// Step 2: Create a Deal linked to the Person
wp_remote_post(
'https://api.pipedrive.com/v1/deals?api_token=' . $api_token,
[
'headers' => ['Content-Type' => 'application/json'],
'body' => wp_json_encode([
'title' => 'New Lead: ' . sanitize_text_field($posted_data['your-name']),
'person_id' => $person_id,
'pipeline_id' => 1, // your pipeline ID
'stage_id' => 1, // your stage ID
]),
'timeout' => 15,
]
);
});
This does two API calls: creates a Person, then creates a Deal linked to that Person. This is the correct sequence for getting a contact into Pipedrive's sales pipeline not just the CRM contacts list.
Pipedrive API: Key Endpoints for CF7 Integrations
| What you want to create | Endpoint | Required fields |
|---|---|---|
| Contact record | POST /v1/persons |
name |
| Sales deal | POST /v1/deals |
title |
| Lead (lightweight) | POST /v1/leads |
title, person_id or organization_id
|
| Note on a deal | POST /v1/notes |
content, deal_id
|
| Activity (callback, etc.) | POST /v1/activities |
subject, type
|
The token goes as a query parameter: ?api_token=YOUR_TOKEN
Or as a header (preferred for security keeps the token out of server access logs):
Authorization: Bearer YOUR_TOKEN
Pipedrive v1 accepts both. Use the header approach in production.
Token Troubleshooting Checklist
When your Pipedrive API token stops working:
- Regenerate the token — go to Pipedrive → Settings → Personal Preferences → API → Regenerate
- Check if your password changed recently — password change = new token
- Confirm you're using the right company account — if you have multiple Pipedrive accounts, tokens are per-account
- Test the token directly with cURL:
curl "https://api.pipedrive.com/v1/users/me?api_token=YOUR_TOKEN"
Expected response: your user object. If you get {"success":false,"error":"Unauthorized"}, the token is invalid regardless of what the UI shows.
- Check for whitespace — copy-pasting API tokens from browser UIs sometimes captures a trailing space. This makes the token look correct but fail on every request.
Quick Summary
The forum user's fix — regenerating the Pipedrive API token is correct and often all you need. But understanding why it happened (password change, admin reset, SSO) prevents it from being a mystery next time.
For a reliable CF7 → Pipedrive integration: use the Authorization header instead of the query parameter, build Person + Deal in two steps, and if you need this to survive long-term without manual token management, look at OAuth 2.0 or a plugin like Contact Form to API that centralizes your API configuration in one place.
Tags: #wordpress #pipedrive #crm #webdev
Top comments (0)