Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From Pipefy
Calls the Pipefy GraphQL API directly using curl or httpx when MCP tools and introspection both fail (Tier 3 fallback). Authenticates via OAuth2 or PAT.
npx claudepluginhub pipefy/ai-toolkit --plugin pipefyHow this skill is triggered — by the user, by Claude, or both
Slash command
/pipefy:pipefy-api-fallbackThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill activates only after Tiers 1 and 2 have failed. Call the Pipefy GraphQL API directly, bypassing the MCP server.
Discovers GraphQL type shapes, mutation signatures, enum values, and executes arbitrary GraphQL queries as a fallback when dedicated MCP tools fail.
Provides GraphQL API patterns for SuperOps.ai: Bearer token auth, query/mutation building, cursor pagination, rate limiting, and error handling.
Automates Grafbase operations via Composio's Grafbase toolkit through Rube MCP. Discovers tools, manages connections, and executes workflows.
Share bugs, ideas, or general feedback.
This skill activates only after Tiers 1 and 2 have failed. Call the Pipefy GraphQL API directly, bypassing the MCP server.
| Tier | Method | When |
|---|---|---|
| 1 | Dedicated MCP tool (create_card, update_pipe, etc.) | Always try first. |
| 2 | Introspection + execute_graphql | When no dedicated tool exists or a tool fails unexpectedly. See skills/introspection/pipefy-introspection/SKILL.md. |
| 3 | Direct HTTP via curl / httpx (this skill) | When the MCP server itself is unavailable, or execute_graphql fails with an infrastructure error. |
Do not jump to Tier 3 after a single tool failure. Follow the tiers in order.
Two options (use whichever is available in the environment). Prefer the Service Account when both exist.
Option A — OAuth2 Client Credentials (preferred):
TOKEN=$(curl -s -X POST https://app.pipefy.com/oauth/token \
-H "Content-Type: application/json" \
-d "{\"grant_type\":\"client_credentials\",\"client_id\":\"$PIPEFY_SERVICE_ACCOUNT_CLIENT_ID\",\"client_secret\":\"$PIPEFY_SERVICE_ACCOUNT_CLIENT_SECRET\"}" \
| python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])")
Option B — Personal Access Token (PAT):
TOKEN="$PIPEFY_PAT" # or $PIPEFY_TOKEN
PATs are deprecated for new integrations but may still exist in the environment.
Bearer prefix is mandatory — Pipefy rejects requests without it.PIPEFY_SERVICE_ACCOUNT_CLIENT_ID, PIPEFY_SERVICE_ACCOUNT_CLIENT_SECRET, PIPEFY_PAT, or PIPEFY_TOKEN in responses to the user or in logs.| Purpose | URL |
|---|---|
| All queries and mutations | https://api.pipefy.com/graphql |
| Schema introspection only | https://app.pipefy.com/graphql |
| OAuth2 token | https://app.pipefy.com/oauth/token |
Real operations go to api.pipefy.com; introspection goes to app.pipefy.com. The MCP server and CLI route between the two automatically (both derived from PIPEFY_BASE_URL); raw-API users must distinguish them by hand.
curl -s -X POST https://api.pipefy.com/graphql \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"query": "{ me { id name } }"}' | jq .
curl -s -X POST https://api.pipefy.com/graphql \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{
"query": "mutation CreateCard($input: CreateCardInput!) { createCard(input: $input) { card { id } } }",
"variables": {
"input": {
"pipe_id": 67890,
"title": "Fallback Card"
}
}
}' | jq .
| Situation | Use |
|---|---|
| MCP server running normally | MCP tools (Tier 1 or 2) |
| MCP server down / unreachable | Direct API (Tier 3) |
execute_graphql returns 500 error | Direct API (Tier 3) |
| Testing a new mutation before MCP tool exists | execute_graphql (Tier 2) — not direct API |
When you need to discover schema without MCP tools, call app.pipefy.com/graphql:
# All queries and mutations
curl -s -X POST https://app.pipefy.com/graphql \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"{ __schema { queryType { fields { name description } } mutationType { fields { name description } } } }"}'
# Type details
curl -s -X POST https://app.pipefy.com/graphql \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"query":"{ __type(name: \"CreateCardInput\") { inputFields { name description type { name kind ofType { name kind } } } } }"}'
GraphQL always returns HTTP 200, even on errors. Check the errors array, not the HTTP status code.
| Code | Likely cause | Recovery |
|---|---|---|
| UNAUTHORIZED | Token missing, expired, or Bearer omitted | Re-fetch token (Option A) or fix the header. |
| PERMISSION_DENIED | Service Account not a member of this pipe/table | Add SA via invite_members or ask user. |
| resource_not_found | ID does not exist or SA cannot see it | Verify ID; check pipe/table membership. |
| invalid_input | Wrong argument name or type | Run introspect_type (Tier 2) to recheck the input shape. |
| INTERNAL_SERVER_ERROR | API bug or unsupported payload | Do NOT retry the same payload. Try an alternative mutation or workaround. |
| missingRequiredInputObjectAttribute | A required field is missing from the input | Compare the payload against __type(name: …InputType). |
create_card via automationcreateAutomation with action: create_card + field_map — returns INTERNAL_SERVER_ERROR (confirmed API bug).createCard with the throughConnectors parameter. Prerequisite: a connector field with canCreateNewConnected: true must exist.organization { pipes { ... } } returns [] but pipesCount > 0, the Service Account is not a member of those pipes.pipe(id: "...") directly.invite_members accepts unknown emails silentlyuser_id for typo addresses without rejecting the invite. Sanity-check email syntax before calling.Search for the exact error message + "Pipefy GraphQL", or the mutation name + "example Pipefy API".
Only after all 3 tiers and external resources have failed:
data key and errors is null or absent.Bearer prefix omitted. Re-fetch the OAuth token (Option A).INTERNAL_SERVER_ERROR in errors array — do NOT retry the same payload; pick a different mutation path.PIPEFY_TOKEN / PIPEFY_PAT only for personal/development use; use service-account credentials (PIPEFY_SERVICE_ACCOUNT_CLIENT_ID + PIPEFY_SERVICE_ACCOUNT_CLIENT_SECRET) for service accounts.execute_graphql and introspection tools through the MCP server before falling back to direct HTTP.