API and GDPR

Highlighted
Top Contributor

Hi,

I have a third party which I need to integrated with Hubspot, however I need them to have visibility to only part of my contacts (due to GDPR) is there any way using the API to limit the type of data they can see?

Reply
0 Upvotes
5 Replies 5
Community Manager

Hi @gil1001,

 

To get a full pictures of thing, how are you integrating the third party with HubSpot? Are you currently using the Get all contacts API to get all contacts from HubSpot and display it on the third party software and had like to set contact permission on the third party software? 

 

If you're looking to limit the contact gather from the get all contacts api based on user permission, this is currently not possible. That said, maybe you can explore into the option of setting the permission on the third party software? 

Reply
0 Upvotes
Top Contributor

The use case: a third party that provides us outbound services for a certain region. They have they software they use for that and we are looking to send them lead info and get updates on status.

I want them to have visibility only to the leads they need for their work - this is important for GDPR, from what we read the only way around it is using webhooks and landing page form.

Reply
0 Upvotes
Community Manager

Hi @gil1001,

 

How are these leads from HubSpot being send to the third party software? Are your team using any API e.g. Get all contacts | Contacts API?

Reply
0 Upvotes
Top Contributor

I haven't given them access as I'm concern that they'll get access to all of my DB but that was the initial idea. Is there a better way to do it while staying GDPR compliant?

Reply
0 Upvotes
Community Manager

Hi @gil1001,

 

While I'm not the best to advise about GDPR compliant, if a user have access to your portal hapikey, they will be able to use that and get all your portal contacts using this endpoint here: Get all contacts | Contacts API.

 

It is currently not possible to restrict contacts retrieval based on API key in HubSpot.

 

Only user with the Super Admin access in your account will have access to your HubSpot API key. In this case, I'd advise to only share the API key with the developer who is building this and after retrieving all the get all contacts information, implement a system to segment these contacts and set user permission access in your third party software.