Changes to how authorization works?

Report Inappropriate Content · ‎Oct 26, 2016

I’m getting a 403 Unauthorized Access error (cannot access an unscoped endpoint) when attempting to get data back from several endpoints. I’m still able to get data back as normal for other endpoints though (originally I was able to get data back from all endpoints). One endpoint I can’t get data back for is the blog authors endpoint. One endpoint I can get data back from is the Layouts endpoint. Any idea what could be causing this? I never seen “unscoped endpoints” mentioned before. Is it related to the recent changes to OAuth?

Report Inappropriate Content · ‎Dec 14, 2016

Hi @dadams,

My team is nearing a release of our HubSpot app, and we’ve been testing like crazy. As I mentioned before, our app attempts to extract all the data it can from a HubSpot user’s account via the HubSpot API. During stress testing, we’ve hit the API limit quite a few times over the past week, and today it appears that our IP has been blocked by the HubSpot server? I’ll PM you the portal ID we’ve been using as well as the IP we were testing from. Can you confirm for me if the IP has been “banned”? If it has, how can we get it un-banned?

Report Inappropriate Content · ‎Dec 6, 2016

Hi @dadams,

We’ve just found another potential issue. It seems like we can use Form’s list endpoint to get a list of all the forms associated with a user’s account, and the update endpoint to update a form, but we can’t use the delete endpoint to get rid of a form. This is the error we’re getting:

{
 "status": "error",
 "message": "This oauth-token (CKPdxLiNKxICXwEYlsSWASCH4a8BKNOFAjIZAEL7khONR9jo313e1Ho3Ac0KDu_YE3UJNA) does not have proper permissions! (requires any of [forms-access])",
 "correlationId": "8eecb947-3e04-437b-87a5-e6240fa988c5",
 "requestId": "6cb7882e-aac5-4c1e-9035-a01c36de399e"
}

Do we need to request a forms-access scope?

Dadams · ‎Dec 6, 2016

The forms scope should automatically be included with the contacts scope, if the portal has forms access, and any access token that can access the listing or update endpoints should be able to access the delete endpoint as well. Can you send me the Hub ID you were seeing that with?

As you already mentioned, the Calendar API was fixed late last week, no ETA on the Domains API yet but I’ll check with that team and see if there are any updates.

Dadams · ‎Dec 8, 2016

@Adam the forms issue was related to a change we made to separate access to contacts and forms. Forms access is only included with the marketing tools, so forms access was split out into its own forms scope. We originally ran a migration to grant forms access to the appropriate authorizations, but there were some other changes since that migration, and any authorizations between that migration and today would not have all of the needed permissions.

We’ve rerun that migration, so any newer authorizations should now have the needed scopes (assuming the authorization is for a portal with the marketing tools), but any future authorizations will need to request the forms scope to have access to the Forms API.

Initiate an Integration with Oauth 2.0

https://app.hubspot.com/oauth/authorize - Initiate authentication for an app using OAuth 2.0

Dadams · ‎Dec 13, 2016

@Adam we have a few updates on OAuth today. First, the issue with the domains API should be resolved, so you should be able to access those endpoints using OAuth2 tokens.

Second, we’ve added new optional_scope= parameter that can be used to request scopes that aren’t required by your app. Anything included in the scope= will be considered required, and you’ll see the same error for any issues with those scopes, but anything in optional_scope= will be considered optional, and we’ll automatically drop them from the authorization request if a portal doesn’t have access to that scope. You’ll need to check the details for the access or refresh token you get to see which scopes were actually granted.

There are some other details on the updated doc:

Initiate an Integration with Oauth 2.0

https://app.hubspot.com/oauth/authorize - Initiate authentication for an app using OAuth 2.0

Report Inappropriate Content · ‎Dec 13, 2016

Hi @dadams,

That’s very helpful, thanks a lot. The only question I have left then is what to do once my 30-day trial of HubSpot Marketing expires. At that point I’ll be unable to access a subset of the endpoints, which due to the nature of my app if problematic. I need to have access to all the endpoints to fully test my app before making an big changes. Is there any way I can get access to a “developer” HubSpot Marketing sandbox?

Report Inappropriate Content · ‎Dec 6, 2016

Also, I’ve been thinking ahead to when my 30-day trial of HubSpot marketing ends. I’ll still need access to all the scopes so that I can test all the endpoints. Is there a way for developers to get access to all scopes?

Report Inappropriate Content · ‎Dec 5, 2016

Hi @dadams,

Are there any updates on the fix ETA? It seems like we can access Calendar endpoints now, but still no luck with Domains endpoints.

Thanks

Report Inappropriate Content · ‎Nov 21, 2016

Hi @dadams,

I’ve upgraded my portal to a full account using the 30-day free trial and am able to successfully request access to all five scopes. I’m now able to access most of the endpoints, but I’m still getting the permissions error when I try to access any of the Calendar endpoints:

Are the calendar endpoints “unscoped”? If so, how can I request permission for such an endpoint?

UPDATE: After some more exploration it seems I don’t have access to any endpoints in the Calendar API, COS Domains API, and the Keywords API.

Dadams · ‎Nov 22, 2016

That looks like a bug with the calendar and domains endpoints. Passing those along to the dev teams.

I’m not seeing the same issue with the Keywords API, but this is probably because you need the reports scope, which was missing from the documentation but is required to access the Keywords API.

Report Inappropriate Content · ‎Nov 22, 2016

Ok. Is the reports scope accessible for all portal types, or just the full one?

Dadams · ‎Nov 22, 2016

The reports scope will only work with portals with the marketing tools.

Report Inappropriate Content · ‎Nov 22, 2016

Ok, thanks. Can you think of any workarounds we could use until the fix is in? One of the main features of our app is that it can pull data from all the HubSpot endpoints, so until the bug is fixed it’ll be a headache for some of our users (and by extension my team and me). It would really help us a lot if the bug could be fixed quickly. If it makes a difference, in addition to developing an app for HubSpot the company I’m working for is also a paying HubSpot subscriber.

Would you be able to let me know when you have more information about the fix (ETA etc)?

Dadams · ‎Nov 23, 2016

The dev teams are still looking at this, no ETA at the moment, but it’s unlikely that this will be fixed before next week.

Do you have any details for how you’re using the data from those two endpoints? Overall those APIs don’t see a lot of usage, and we’ve considered deprecating them in the past.

Report Inappropriate Content · ‎Nov 23, 2016

Our app takes the data returned from the HubSpot endpoints and converts them into SQL tables that programs like PowerBI and Tableau can work with. From our perspective, it’s not whether or not an endpoint is used a lot that’s most important, but rather whether or not we have complete coverage of all the endpoints that are available. So fixing the endpoints or depreciating the endpoints would both be solutions as far as we’re concerned.

Report Inappropriate Content · ‎Nov 18, 2016

Hey @dadams,

Yes, it was, but it was created before the switch over to the new scope system. I’ve enabled the 30-day Marketing trial and once again have access to all the endpoints. Hopefully, I’ll have everything tested and released before the 30 days expires!

Report Inappropriate Content · ‎Nov 14, 2016

There’s HubSpot Marketing, HubSpot CRM, and HubSpot Sales, right? Can you tell me which scopes are associated with each account type?

Dadams · ‎Nov 14, 2016

At the moment, CRM and Sales portals are effectively the same as far as scopes go, and they’ll only be able to get the contacts and timeline scopes. Portals with a Marketing subscription would have access to any of the scopes. This may change in the future so we’re still going to take another look at the oauth process.

Report Inappropriate Content · ‎Nov 18, 2016

Hi @dadams,

The development portal we’re using (2318521) is a Sales portal. With the changes to OAuth, this means we can only access a small portion of the HubSpot endpoints which makes testing our app difficult. Is is possible to upgrade our development portal to a marketing account, or somehow change its permissions so that we can test our app properly?

Dadams · ‎Nov 18, 2016

@Adam was that portal created as a test portal from your developer account?

How do I create a test portal?

Test portals can be used to test your integration without affecting your live HubSpot data.

APIs & Integrations