I want to use the single send API to send transactional email. However, when I make the call, it gives a 401 “Unauthorized access”, which makes sense because it needs authentication.
For authentication, can I use OAuth2.0 or do I have to use API keys? I need to do this programmatically as there is no user sitting there who can click to grant authorization.
I actually tried using the HAPIkey, but it still returns a 401 unauthorized access error.
I did a POST to “https://api.hubapi.com/email/public/v1/singleEmail/send?hapikey=my_hapi_key” and passed in this data:
{
‘emailId’ => EMAIL_ID,
‘message’ => {
‘to’ => ‘some@email.com’
},
‘contactProperties’ => [
{
‘name’ => ‘firstname’,
‘value’ => ‘xxxxx’,
},
{
‘name’ => ‘hubspot_owner_id’,
‘value’ => ‘xxxxxxx’,
}
],
}
My header was { ‘Content-Type’: ‘application/json’ }
And got this error as response: {:code=>"401", :message=>"Unauthorized", :body=>"{\"status\":\"error\",\"message\":\"Any of the listed authentication credentials are missing\",\"correlationId\":\"xxxxxxx\",\"engagement\":{\"vendorkey-gae\":\"vendorkey-gae not engaged. Vendorkey not found in request headers.\",\"hapikey\":\"hapikey not engaged. hapikey is not present in query params.\",\"oauth-token\":\"oauth-token not engaged. OAuth access token not found in request header.\",\"access_token\":\"access_token not engaged. Token not found in query params.\",\"shhkey-v1\":\"shhkey-v1 not engaged. Shhkey not found in the request header.\",\"internal-cookie\":\"internal-cookie not engaged. Cookie not found in the request.\",\"app-cookie\":\"app-cookie not engaged. App cookie is not present on the request.\",\"legacy-app-cookie\":\"legacy-app-cookie not engaged. Auth cookie is not present in the request.\",\"saml-redirect\":\"Not engaged, HubId not specified on the request, cannot identify Identity Provider. is missing\"},\"requestId\":\"xxxxxxx\"}
-Can someone please help me get my single send requests working?
I have two accounts on hubspot now - my main company account, and my dev account
-Related question: should I use hapikey from the main account for single send email or my dev account?
-One more question. . Are client ID and client secret same for both of these accounts?
Thanks for your reply! I have generated a token and securely saved the username and password. How can I use this to send the email? Do I pass the username/password in with contactProperies/customProperties params?
@pdata Sorry if I mislead you the tokens are just for the SMTP API. my apologies on that. You should be able to use your API key to your main account. When you tested that before were you using the API key for your dev account or your main account?
Data is:
{“emailId”=>“xxxxx”, “message”=>{“to”=>“xxxxxx”}, “contactProperties”=>[{“name”=>“firstname”, “value”=>“xxxx”}, {“name”=>“some_field_name”, “value”=>“xxxxx”}, {“name”=>“some_field_name”, “value”=>“xxxxxxx”}]}
But the error I am getting is:
{:code=>“401”, :message=>“Unauthorized”, :body=>"{“status”:“error”,“message”:“Any of the listed authentication credentials are missing”,“correlationId”:“xxxxxxxx”,“engagement”:{“vendorkey-gae”:“vendorkey-gae not engaged. Vendorkey not found in request headers.”,“shhkey-v1”:“shhkey-v1 not engaged. Shhkey not found in the request header.”,“access_token”:“access_token not engaged. Token not found in query params.”,“hapikey”:“hapikey not engaged. hapikey is not present in query params.”,“oauth-token”:“oauth-token not engaged. OAuth access token not found in request header.”,“app-cookie”:“app-cookie not engaged. App cookie is not present on the request.”,“internal-cookie”:“internal-cookie not engaged. Cookie not found in the request.”,“legacy-app-cookie”:“legacy-app-cookie not engaged. Auth cookie is not present in the request.”,“saml-redirect”:“Not engaged, HubId not specified on the request, cannot identify Identity Provider. is missing”},“requestId”:“xxxxxxxx”}"}
Yes, the API key was generated before we got this add-on. Can you verify in your system if the scopes are out of date? I can deactivate the current key and generate a new one but that’s gonna be a bit disruptive and I would like to avoid doing that if possible.
@pdata I’m still trying to find the right answer but I reached out to the engineering team and have confirmed that it shouldn’t matter when your API key was made. So you do not need to deactivate it.
@pdata I passed this along and here are the thoughts from my supervisor
The error they’re getting is pretty suspect. You wouldn’t normally get that “authentication credentials are missing” error unless the request was missing an auth type (so no hapikey or access_token or anything), or if there was some other problem with the auth type provided that we couldn’t tell which type of auth they meant to use. There may be a formatting problem with the URL they’re using, or they’re not actually including the hapikey at all. The error message includes “hapikey”:“hapikey not engaged. hapikey is not present in query params.”, which would mean it’s either not actually in the request URL, or formatted so poorly that we can’t actually tell (might happen if the query param is empty too, not 100% sure off the top of my head though).
If there was an actual problem with the key or account accessing transactional email, I think we return a 403 and not a 401, since in that case the key would be good, so we’d know who they are, but they wouldn’t have access to the specific thing they’re trying to access.
In this message is my entire code. As you can see, I AM using the hapikey in the url. Please take a look or show this to your supervisor and point to the specific problem.