APIs & Integrations

Search APIs & Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
jjimeno
Participant | Diamond Partner

‎Oct 8, 2020 10:58 AM

Participant | Diamond Partner

Add secret key forbidden

Hi, 

Hope everyone is doing great!

 

We are trying to add an API key for our serverless function in hubspot throught CLI, however, after running hs secrets add {keyname} {apikey}

I am getting this error:

The post to "add secret" in portal was forbidden.

What could be the issue here?

 

Also, how do we make our api's in serverless functions only accessible through the Hubspot website and not elsewhere? 

 

Thank you!


Regards,
Jess

Timeline and Extensions APIs
0 Upvotes
3 Replies 3
jmclaren
HubSpot Employee

‎Oct 8, 2020 5:21 PM - edited ‎Oct 8, 2020 5:23 PM

HubSpot Employee

Add secret key forbidden

Hey @jjimeno ,

Can you first make sure you are using the latest version of the CMS CLI, by updating: https://developers.hubspot.com/docs/cms/developer-reference/local-development-cms-cli#upgrade

Then as for why you are getting that error, it's likely the personal access key you are using to authenticate with your CLI tools does not have the serverless functions scope. You'll need to go in to your account and make sure it has that permission checked.
View your personal access key permissions
What is a personal access key? 

 

Additionally the serverless functions permission, is only available in accounts that have access to serverless functions. That means CMS Hub Enterprise or developer sandbox accounts.

Regarding your second question, due to CORs you can only make requests from connected domains, with the exception of GET requests.

Jon McLaren

Sr. CMS Developer Advocate

Get started developing on the HubSpot CMS Developer Changelog
How to optimize your CMS Hub site for speed

If my reply answered your question, please mark it as a solution, to make it easier for others to find.

0 Upvotes
jjimeno
Participant | Diamond Partner

‎Oct 9, 2020 7:29 AM - edited ‎Oct 9, 2020 7:29 AM

Participant | Diamond Partner

Add secret key forbidden

hi @jmclaren !

 

Thank you so much for the reply! 

Yes, I just updated the CMS CLI and followed the instructions to retrieve the personal CMS key. 

 

As for my second question, now we can access the API even if we call it through Postman for example. 

Our goal is not to expose the API and only accessible when its called from our site. 
Is it possible? 

 

Thank you!

 

0 Upvotes
dennisedson
HubSpot Product Team

‎Oct 22, 2020 1:55 PM

HubSpot Product Team

Add secret key forbidden

Hello @jjimeno ,

Sorry for delayed response!  I noticed you also asked this question another thread ( I will answer there as well for anyone searching and comes across that post )

At this time, we do not have a good solution for limiting the access.  It has been mentioned several times and we are investigating so stay tuned. 

0 Upvotes
Sunny

Sign up for the Developer Newsletter

Fresh content delivered to your inbox every month.
Add secret key forbidden
Developers
Oct 22, 2020