APIs & Integrations

jmoulton
Member

How do you get OAuth API token without redirecting to a new URL?

Our integration will interact with the API strictly behind-the-scenes. Is there a way to get an OAuth API token without using a redirect? A redirect will not work for our integration.

0 Upvotes
9 Replies 9
jjl
Participant

How do you get OAuth API token without redirecting to a new URL?

We have a similar scenario. We’re using the API for an internal app, but we’d like to be able to use the identify_visitor endpoint (http://developers.hubspot.com/docs/methods/tracking_code_api/identify_visitor).

Since this call would have to be made on the front-end using JavaScript (I assume) instead of the back-end, like most of the other parts of our integration, wouldn’t using the hapi key for that be a security risk?

Are there ways to identify a visitor that wouldn’t involve exposing the hapi key?

0 Upvotes
robertainslie
HubSpot Employee
HubSpot Employee

How do you get OAuth API token without redirecting to a new URL?

@Jacob - when using the ‘identify visitor’ call of the Tracking Code API, you don’t need to make an authenticated call. This JS function is consumed by the HubSpot Tracking Code (so, the JS tracking code needs to be on the page if using the JS identify call). It’s a way of connecting the browser cookie set by the tracking code to a specific contact, as known by their email address.

0 Upvotes
jjl
Participant

How do you get OAuth API token without redirecting to a new URL?

Aaaaaah! Thanks so much, @Robert_Ainslie!

0 Upvotes
jcenteno
Member

How do you get OAuth API token without redirecting to a new URL?

Hi,

Just like to add a question to this topic.

If the API key is what we are going to use. How can i integrate with Timeline Event Creation? It requires me to use the token. Any comment on this?

Here’s the API call

Create or update a timeline event

PUT /integrations/v1/:application‐id/timeline/event - Create or update a timeline event

Thanks in advance.
Jayson

IvanZh
Member

How do you get OAuth API token without redirecting to a new URL?

Hi @jcenteno, do you have any updates? Have you solved your problem? Thanks!

0 Upvotes
jmoulton
Member

How do you get OAuth API token without redirecting to a new URL?

Okay. I can do that. I was under the impression that it was for testing and that production releases should use OAuth. Is it still okay to use the HAPI key in production in this instance?

0 Upvotes
seb_fairchild
Member

How do you get OAuth API token without redirecting to a new URL?

@jmoulton if you are building the integration solely for singular use with your portal, it’s fine to use the HAPI key in production.

seb_fairchild
Member

How do you get OAuth API token without redirecting to a new URL?

@jmoulton

If you are building an internal app that doesn’t need scoping for individual users, I would recommend using your HAPI key instead.

Sebastian

0 Upvotes
jmoulton
Member

How do you get OAuth API token without redirecting to a new URL?

A little more detail: Our integration is only for our company, not for our users. We have a system that captures client details that we want to synchronize to HubSpot to ensure we have the same data in both systems. All of the synchronization should happen behind-the-scenes through API calls.

The gist is that we want to authorize our external app, not our individual users. So how do we get an authorization token without the redirect_uri parameter? Can we generate it with the secret on our own using OAuth libraries?

0 Upvotes