topic Re: HubSpot - Starface interation // User-Permissions in APIs & Integrations

HubSpot - Starface interation // User-Permissions

BFlory — Tue, 16 Dec 2025 09:03:52 GMT

Hello HubSpot community,

Currently we are trying to implement starface into our HubSpot. Everything works quite fine for all Superadmins. Unfortunately, we get this notification:

Translation: The linking process could not be completed. Authorization failed because your user account does not have permission for the required areas (tickets). Please contact your account super administrator to request the necessary permissions.

When I go into the specific user permissions as a superadmin, I see the following:

As I do understand this, every permission is granted at highest level.

Does anyone know what may cause the problem?

Best regards

Ben

Re: HubSpot - Starface interation // User-Permissions

GiantFocal — Tue, 16 Dec 2025 11:16:55 GMT

Hi @BFlory,

This screenshot does not indicate a user permission issue. Instead, it relates to who has the authority to approve the scopes requested by STARFACE.

For apps that need the tickets scope and often additional CRM scopes, HubSpot only allows users with App Marketplace Access or Super Admin rights to approve these scopes. Ensure your account has this permission.

Re: HubSpot - Starface interation // User-Permissions

BrandonWoodruff — Tue, 16 Dec 2025 14:37:18 GMT

Hello, Can you confirm that the authorizing user has a Service Hub Seat?

This could be caused by OAuth seat requirements if the user doesn't have the correct seat to provide the tickets scope.

Let me know if this helps, or if you have any other questions!

✔️ Was I able to help answer your question? Help the community by marking it as a solution.

Brandon Woodruff
Senior Software Developer @ Pearagon

Still have questions? Reach out at brandon@pearagon.com

Re: HubSpot - Starface interation // User-Permissions

BFlory — Tue, 16 Dec 2025 14:45:21 GMT

Hey Brandon,

The user has the license "Core":

Shouldn't it be fine this way, since it includes all the "starters":

Re: HubSpot - Starface interation // User-Permissions

BFlory — Tue, 16 Dec 2025 14:48:53 GMT

Hi @GiantFocal ,

I went to the following settings in HubSpot and turned on every thing that had to do with market place:

Unfortunately this did not seem to be enough to change it. The message still appeared when we wanted to connect it.

Re: HubSpot - Starface interation // User-Permissions

RubenBurdin — Tue, 16 Dec 2025 15:13:29 GMT

Hi @BFlory , the screenshot you shared is actually very helpful, and it points to something subtle but important in how HubSpot evaluates permissions during OAuth installs.

Even though the user shows “Alle Tickets” for view, edit, delete, and merge, HubSpot does not treat object permissions and seat entitlements as the same thing during OAuth authorization. For apps requesting the tickets scope, HubSpot checks two things at install time. First, the user must have permission to approve app scopes. Second, the user must hold a Service Hub seat that unlocks ticket access at the product level, not just via role permissions.

A Core seat alone is not always sufficient for ticket-scoped OAuth apps, even if it “includes starters” on paper. The Core seat allows access to many features, but ticket APIs are still gated behind Service Hub entitlements when used by external apps. That’s why Super Admins work and standard users do not, even when their permissions look identical in the UI.

A quick way to confirm this is to temporarily assign the affected user a Service Hub seat (even a lower tier), then retry the STARFACE connection. In most cases, the authorization succeeds immediately once the seat is present. HubSpot documents this behavior implicitly under OAuth scope approval and object access, where product access is evaluated separately from role permissions (https://developers.hubspot.com/docs/api/working-with-oauth).

One more thing to double-check: make sure the authorizing user is the one completing the OAuth flow. Even if a Super Admin enabled Marketplace permissions globally, the individual user approving the app must personally meet the seat and scope requirements.

Hope this helps clarify why everything looks “green” in permissions, yet the install still fails.

Re: HubSpot - Starface interation // User-Permissions

BFlory — Wed, 17 Dec 2025 14:27:47 GMT

Thank you for your detailed reply.

We solved it with granting Super Admin permission to the user, connecting the app via OAuth and reassigning the original role. In that way it worked! Hopefully this does not come to a problem sometime later on but for now, it is fine.

Thanks a lot and best regards

Ben