Single Send API - Authentication and HAPIKey questions

Report Inappropriate Content · ‎Mar 20, 2018

Hi, I'm looking to use the Single Send API from an application to notify users of various events. My organization recently purchased this add-on. Reading up on the documentation and trying to get my head around what plumbing needs to be in place, and have a few questions.

My application will invoke the Single Send REST API, specifying an email ID and various contact and custom parameters. From what I can tell, I don't need to create a HubSpot application, as I'm not integrating with any other vendors or applications. Sound correct?
I think I need to use an hapikey for authentication, rather than OAuth 2.0. OAuth authentication seems to be geared towards application integration. Is this understanding correct?
Do I have one, and only one, hapikey? It seems that way looking at the "Integrations" page in my HubSpot portal. I'd like to be able to generate separate hapikey's for use in DEV/QA, and Production environments. Is this possible? Any best-practice guidance on how to manage this?

Thanks! -Daire

Report Inappropriate Content · ‎Apr 4, 2018

OK, thanks very much @Derek_Gervais.

Derek_Gervais · ‎Apr 3, 2018

Hi @DaireLynch,

No, HubSpot does not support the 'Client Credentials Flow' as detailed in that article. HubSpot's OAuth support follows the 'Authorization Code Flow' as described in the article you provided. A user must grant access and approve the scopes requested; once they do that, you'll be given an access code, which you can use (in tandem with other app details) to request an access and refresh token. This process is the 'installation' of the app, and only needs to occur a single time.

In your case, this would represent 'installing' the app to your organization's HubSpot portal. Once you went through this process, your app would appear in that portal's 'Integrations' page, and you would be able to make requests using the access token provided.

If this integration is only going to be used by a single portal (your orgs portal) then you don't need to authenticate using OAuth; you can instead just use the hapikey for simplicity. It's up to you which authentication method you'd prefer; the only factor that would force you to use OAuth would be if you were considering making your app public and becoming a HubSpot Connect Partner (connect partner apps must use OAuth).

Derek_Gervais · ‎Mar 27, 2018

Hi @DaireLynch,

You don't have to create an app, but you can if you'd prefer to use OAuth instead of a hapikey.
You can use the Single Send API with either an OAuth access token or a hapikey
Each portal only has a single hapikey; it's not currently possible to have multiple hapikeys per portal.

Report Inappropriate Content · ‎Apr 2, 2018

Thanks for getting back to me Derek.

I guess I'm still a little unclear on the OAuth2.0 flow. It seems to require that I present a UI to the user asking them to permit access to the resource I want to access. This is not my use case. I just want to invoke the Single Send API, using my organization's account. Essentially, if we were to use OAuth here, I think it would follow the "Client Credentials Flow" - flow #4 here: https://medium.com/@darutk/diagrams-and-movies-of-all-the-oauth-2-0-flows-194f3c3ade85

Does HubSpot support this form of OAuth authenication, or, is the API key by best bet here, do you think?

Thanks again!

APIs & Integrations