topic Re: Not authorized to access application in APIs & Integrations

Not authorized to access application

mstralka — Tue, 26 Nov 2019 22:14:07 GMT

I built an application months ago that creates several custom Timeline Event Types and then a user of our app can create custom Timeline Events of those Types on a Contact.

So far we've only used it with our own HubSpot Trial account but we are ready to publish it to the Marketplace.

We tested it in our own Test Account and everything worked fine.

My app uses OAuth to authenticate and has these scopes:

contacts
timeline
oauth

I'm not sure what changed or when, but now when I try to Get Timeline Event Types using my OAuth-authenticated account (which is a Super User), I get this 403 Forbidden exception:

Account '6787334' is not authorized to access Application '205036'

But I used OAuth to permit Application 205036 in account 6787334 as shown in this screenshot:

https://www.screencast.com/t/zaFLdiUeTAUl

If I use the hapikey instead of the OAuth access token, it works fine.

I've never had to use the hapikey before, and understand that the use of API Keys is discouraged.

Does anyone know why an OAuth access token would stop working for Timeline Event Type-related API calls?

Re: Not authorized to access application

WendyGoh — Thu, 28 Nov 2019 06:56:05 GMT

Hi ,

When using this endpoint Get Timeline Event Types, it is the intended and documented behavior that you should work only with a developer hapikey.

The reason it was working before which should not have been working, was an unintended behavior.

As timeline event is attached to a dev portal, we would need to use the developer hapikey instead of OAuth authentication.

Re: Not authorized to access application

advance512 — Thu, 30 Apr 2020 20:54:19 GMT

Why would you need the API key of the Developer to create timeline events in the Target Portal? After all, you already have the user OAuth authorized, you have the refresh token. Why is the API key even necessary?