Authentication for app rather than user



My question was partially answered here: Available OAuth2 grant types

but that does not really answer the question of how to authenticate an app but not on behalf of a particular user.

I need to update contacts on the basis of logged-in users of a website. The user is a registered user of the site, but not of HubSpot (where they are only a contact). I do not see how your OAuth flow supports this, but the answer above (and the docs) imply OAuth should be used.


Welcome, @graemep.

Happy to help clarify. You say you "need to update contacts on the basis of logged in users of a website." Here's the use case I'm envisioning — please correct me if I've misunderstood something:

Someone visits your website and logs into their existing account. They update some contact information, like their phone number. You then want this new phone number to update their corresponding HubSpot contact.

Is that right? If so, OAuth doesn't actually come in when that visitor logs in, and it doesn't matter that the visitor isn't actually a user in your account.

Instead, you would set up an app to process the information change and send it to HubSpot using — in the case above — the Contacts API (this endpoint would be one viable option to update a phone number).

To authenticate this call, you could either use your account's API key or set up an intermediary app and use it to authenticate with OAuth 2.0.

Please let me know if you have additional questions.


Thanks, exactly that scenario. There were some warnings in the docs against using API keys, so I wanted a clarification that it was OK in this case. I think I am OK for now unless I run into problems with specifics of the contacts API (but that seems well documented).

Thanks again.


Glad I could help, @graemep!