GDPR: Consent using subscription API



For GDPR, we need to have our communication preferences (managed in hubspot as Email Subscription Types) available for our customers to easily opt in and opt out of.

Presently we are using the hubspot API to pull out the list of subscription types and determine a given user's selections. We use a different API request to update those preferences if the user subsequently wishes to opt out of that particular subscription.

It's a limitation on your side that we can't use this API to opt a user IN to a subscription type, which is not sufficient for GDPR, as we need to affirmatively opt in. See here specifically the line:

Note: It is only possible to opt email addresses OUT of all emails or a specific email subscription type, and there is NO UNDO for this operation.

I can see in your GDPR page that you are planning to update your subscription preferences page to allow opt in:

Alongside that change, the HubSpot subscription preferences page will be updated to support the needs of the GDPR. Currently the subscription preferences page allows Ana to opt out of different types of communications. This page will be updated to support opt-in preferences.

Can you also confirm that you will be updating the subscription API end point to allow opt ins? If so, can you give an estimation of when this might be?

GDPR Opt-in Email addresses

Does anyone know if there's a more appropriate place to post this? I really need an answer and GDPR is right around the corner!



I would check out our GDPR product readiness page for more details on GDPR-related functionality. We're still working on making changes to the product, so it's still being updated:


Hi Derek,

Thank you for replying. I'm aware of the GDPR page as I did quote it above.

The "Consent" and "Withdrawal of consent" sections are listed as "In Progress - Available early May". Can you give any indication on when this is going to be ready? At May 15th, I would say we're not really in "early May" any longer...

Please be aware that developers need time to integrate the API changes, test them and deploy to our production environments which is obviously not instantaneous. We really need to get the ball rolling on this if we're to make the GDPR deadline.

Any information or details you can give me would be really appreciated.


What would be the ETA?

In this new world, Acme can add fields to a form to allow Ana to opt in to specific subscription types. She won’t be opted into everything; just to the subscription types whose boxes she checked. Alternatively, if Ana comes into Acme’s database via import or API, Acme will be able to assign Ana a subscription type via either channel (note: this functionality is not currently available, but is being considered for implementation at a future date).


GDPR is live and we can't control it via API?


Hi all,

With the release of the new AJAX form submission endpoint, it's now possible to include consent information when creating contacts via the API. The note you mentioned is still valid, since it's not yet possible to set this subscription information via an import. Check out the docs for the new form submission endpoint here: