Is it possible to request scopes read-only with OAuth 2.0


#1

We’re asking for the contacts scope for our integration, using Oauth 2.0. However, we only need read access, not write access and we’ve had customers asking us why we’re asking for write access.

It looks like it was possible to ask for just read access before (https://developers.hubspot.com/docs/methods/auth/initiate-oauth), is it possible to do so with Oauth 2.0?

thanks!


#2

Hi @Vijay_Chemburkar,

It’s not currently possible to request read-only scopes for an integration. I’m not aware of any plans to implement read-only scopes again; would you mind discussing your specific use case for read -only scopes?


#3

Sure. We only need to read owners, we don’t write to contacts or change anything else. We had users who had used other HubSpot integrations before ask us why we were requesting write access (I imagine they had used old integrations where the integrations were able to ask for just read access).

So, the use-case is really asking for the most limited set of permissions we can to be functional and making sure our users then know/trust we don’t have abilities on their account above and beyond what we need.