Response code: 403 forbidden
Response body:
This oauth-token (******) does not have proper scope group permissions! (requires all of ids [1])","correlationId":"*","requestId":""
Question:
All the users under the account have the same access: Contacts, Sales, Marketing.
Is there any relation between a user's access and application scopes? Could anyone please explain?
Is there any way we can identify that a particular user has a missing access permission and that's why get owners throws 403?
An important thing to consider here is that integrations are always portal-wide. This means that a single user authorizes an integration, and that integration can then function for the entire portal. The OAuth2 flow should be thought of as installing an app to your portal; one user (an admin) needs to approve the app and 'install' it to the portal. After that, the integration provides some user-independent functionality to the portal. It's not possible to create user-specific integrations using the HubSpot APIs, so there shouldn't ever be situations where more than one user needs to complete the OAuth2 flow for a single portal.
Knowing this, there shouldn't be a scenario where you're having multiple HubSpot users authorizing an integration. Only a single user needs to approve the integration. If that user is a Super Admin, they should be able to successfully approve the integration, and the resulting credentials can be used for all requests to the portal.
Thank you, Derek,
We understood what you mentioned but still have more questions on that matter.
I have 2 users, both non-admin, under the same portal (4099090).
user1: subhendu.maity@vonage.com
When user1 logs in, the OAuth flow shows permission to access the contact scope, but for user2 the permission to access the contact scope is not there.
What is the difference between these 2 users, and why are they shown different permission scopes?
Hi Derek,
We are just a little bit puzzled why one user is getting 403 for get owners and others don't for the same portalid/account.
As you said, a Super Admin authorizing your integration should solve this problem. How do we do that in this scenario?
Here is an example of what we suspect is wrong during OAuth.
Good User: TM
Hi Derek,
Thanks a lot for your response!
Do you mean the user who is getting 403 must have Super Admin access?
Here are 2 example users under the same portal; user1 is getting 403 but user2 is fine.
My question is: why are some users working fine while a few users are getting 403 for the same portal?
Can you give me the Hub ID of the portal in question? If you anticipate always needing access to the Owners API, I'd recommend making the contacts scope required.
Hub Id: 4099090
Under this hub id, most users can access the owners API but some users cannot, even though they have identical permissions.
As free (non-enterprise) users may not have access to the contact scope and we don't have control over their access/permissions, that's the reason we didn't want to keep the contacts scope required.
Initially we had contacts as a required scope, then we faced an issue where a few users were getting a scope mismatch, hence we moved the contacts scope to optional.
We would much appreciate it if you can provide some detailed guidance for this issue.