Keep your CRM calls running without manual token fixes. This workflow stores and refreshes OAuth tokens, then searches contacts by email on demand. It is great for teams that get leads from forms or apps and need reliable access to Pipedrive data.

Three webhooks drive the flow. One catches the OAuth code and saves both refresh and access tokens to Supabase. A second endpoint refreshes tokens using your client id and secret. The third endpoint receives a request with a person email, pulls the latest token from Supabase, calls the Pipedrive search API, and returns the result. If the access token is invalid, the logic refreshes it and tries again. The flow uses Supabase for secure storage, IF checks to detect token errors, and a loop that keeps the call stable.

To set this up you need a Pipedrive OAuth app and a Supabase project with a table for tokens. Expect fewer API failures, faster lead lookups, and less time spent fixing tokens. Use it to power web forms, chatbots, or internal tools that need quick CRM checks without downtime.

• OAuth code capture webhook stores refresh and access tokens in Supabase
• Database lookups filter by Platform and AppId to find the right token record
• HTTP requests exchange auth code for tokens and refresh tokens when needed
• Code step builds the client id and secret in base64 for secure token calls
• Contact search calls the Pipedrive persons search API using the email from the request
• IF checks detect invalid access tokens and trigger an automatic refresh
• Loop returns to fetch the updated token and retries the API call
• Respond to Webhook returns a clean 200 response with JSON data
• Error node stops the run and flags failures if token refresh does not work

• Automate 100% of token refresh steps so calls do not fail
• Cut contact lookup time from 10 minutes to under 1 minute
• Reduce expired token errors by up to 90% with auto retry
• Handle many webhook requests without manual work
• Connect CRM and database to keep access stable and secure

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Pipedrive and Supabase. See the Tools Required section above for links to create accounts with these services.
3. In your Pipedrive account, create an OAuth app. Copy the client id and client secret. Set the redirect URL to the production URL of the n8n webhook named catch Auth code.
4. In Supabase, create a table for tokens, for example App_tok, with columns like ref_token, acc_token, Platform, and AppId. Make sure ref_token and acc_token are text fields.
5. In the n8n credentials manager, create a Supabase credential. Use your Supabase project URL and API key. Name it clearly, for example Supabase Automation.
6. Open the HTTP Request nodes named Generate Refresh Token from authcode and Refresh Access Token. In the credential dropdown, choose Basic Auth and enter your Pipedrive client id as the username and your client secret as the password, or click Create new credential and follow the on screen instructions.
7. Open the Supabase nodes (Look for the related record in Supabase, Get Pipedrive Token, Update tokens, Insert) and select the Supabase Automation credential. Map fields to ref_token and acc_token. Set filters to match your Platform and AppId values.
8. Copy the production URL of the catch Auth code webhook. Start the OAuth flow in Pipedrive and approve the app. Confirm a row is created or updated in Supabase with both tokens.
9. Copy the production URL of the Receive request webhook. Send a POST with JSON like {"person": {"email": "test@example.com"}} from Postman or curl. You should get a 200 response and a search result.
10. If you get an invalid token error, check the IF node condition text, confirm the refresh node is using Basic Auth with your keys, and verify the Supabase row updates with a new acc_token.
11. Optionally adjust the database filters for Platform and AppId to support multiple apps or tenants. Test both the token refresh endpoint and the search endpoint again.
12. When testing is stable, switch the webhooks to production mode and update any external form or app to post to the Receive request URL.