Do I need to use access_token when working with webhooks via API?


#1

Hi! I’m implementing HubSpot in our app via API. After reading the docs, I found out I need a testing portal to test authorization, but a developer account so I get the HAPIKEY - to be able to work with webhooks via API.

Our app works the way that it authorizes and then it subscribes the webhooks (having access_token from testing portal in the request header) and it gives me this:

POST https://api.hubapi.com/webhooks/v1/XXXXX/subscriptions?hapikey=XXXXX&userId=XXXXXresulted in a400 Bad Request` response: {“status”:“error”,“message”:"Request implies conflicting values for hub-id: XXXXX from [hapikey (XXXXX (truncated…)

When I remove the access_token from the header it works just fine. Is that the way to go? Or am I supposed to work with webhooks without authorization?

Thanks for help!


#2

Hi @Stano,

Using the Webhooks API requires OAuth authentication, but this applies to portals installing your app (like a test portal). If you’re using the API to manage your subscriptions, you’ll need the API key to your developer portal, since the subscriptions are related to your app, not a specific portal.