User facing permission issue while authorising app
@Chakradar_Raju you are correct. Though the way I think about it is that the Super Admin approves the scopes that an integration will have on behalf of the entire account. That integration will then work regardless of user permissions. If an integration uses the content and contacts scopes, a person with access only to the CRM will only be able to use the integration as it pertains to the CRM, however a user who has both access to the CMS and the CRM will be able to use the integration fully.
User facing permission issue while authorising app
Hi @Chakradar_Raju, I know that you're able to specify the userId when creating engagements/activities, and it will default to the person who connected the application if no userId is included. This is really the only solution I have to offer, as user specific integrations are not fully supported by our version of the OAuth2.0 spec.
User facing permission issue while authorising app
Can you confirm if my understanding it correct,
The expected use of API is to take authorization of only super admin and his access token can be used to perform activities as any of the users in that company, is that right?
User facing permission issue while authorising app
Hi @Chakradar_Raju, HubSpot's OAuth 2.0 flow is not meant to be used as a log in/ sign up flow for individual users. An application should be installed into an account just once and should only request the scopes that are necessary for the application to run so that the built in user permissions within the User settings in HubSpot can take over. For example, my application can request the contacts and content scopes. As a Super Admin, I can install this integration and can access all parts of the application, but my sales rep who does not have access to content cannot use that part of the integration.
In your outline, the desired scenario would be #1. The Super admin should install the integration, and their refresh/access tokens should be the ones that service all requests. Check out my answer on this topic for a bit more on OAuth:
To give you an concrete case that we use the access_tokens for, when we process a call on behalf of user from our dialer integration, we log it to hubspot as a call against a contact. Ideally we want to be able to make that activity look like it is from that specific user, is it possible? or should we do this only as a super admin?
User facing permission issue while authorising app
Hi @Chakradar_Raju, that message indicates that the user does not have permission to install the app to your account. Normally we'll suggest that Super Admins install integrations into accounts in order to avoid seeing this error.