Authorize access to HubSpot against Contacts in HubSpot

RGroothuis · ‎Mar 3, 2023

I've an external mobile App that can retrieve data from HubSpot. Before the data is retrieved I want the mobile app user to authenticate himself against the HubSpot contact details. Only when the user credentials are successfully authorized that can be retrieved from the HubSpot database. How to set this up? Any suggestions?

I can do different API calls but how do I protect the data retrieve API calls to only allowed them when the user is authorized? I need something like a Auth token similar how it is used in OAuth. Suggestions?

himanshurauthan · ‎Mar 3, 2023

Hello @RGroothuis

First, register your mobile app with HubSpot by creating a new app in the HubSpot App Marketplace. During this process, you'll be asked to specify the app's permissions (e.g., read-only access to contacts), redirect URI (i.e., where users will be redirected after they've authenticated), and other details.

Once you've created the app, you'll need to obtain an OAuth client ID and client secret. These will be used to initiate the authentication process.

When a user wants to authenticate themselves against HubSpot, your mobile app should direct them to HubSpot's OAuth 2.0 authorization URL, passing along the necessary parameters (e.g., client ID, redirect URI, scope).

The user will be prompted to log in to their HubSpot account (if they're not already logged in) and authorize your app to access their HubSpot data

After the user has authorized your app, HubSpot will redirect them back to your app's specified redirect URI, along with an authorization code

Your app can then exchange this authorization code for an access token and refresh token, which can be used to make API calls to HubSpot on behalf of the user.

When making API calls to retrieve contact data from HubSpot, you can include the access token in the authorization header of the HTTP request. HubSpot's API will validate the token to ensure that the request is authorized.

Here's a link to HubSpot's OAuth 2.0 documentation, which provides more details and sample code for implementing this flow: https://developers.hubspot.com/docs/api/working-with-oauth

Thanks and Regards
Himanshu Rauthan

Digital Marketing & Inbound Expert In Growth Hacking Technology

View solution in original post

himanshurauthan · ‎Mar 3, 2023

Hello @RGroothuis

First, register your mobile app with HubSpot by creating a new app in the HubSpot App Marketplace. During this process, you'll be asked to specify the app's permissions (e.g., read-only access to contacts), redirect URI (i.e., where users will be redirected after they've authenticated), and other details.

Once you've created the app, you'll need to obtain an OAuth client ID and client secret. These will be used to initiate the authentication process.

When a user wants to authenticate themselves against HubSpot, your mobile app should direct them to HubSpot's OAuth 2.0 authorization URL, passing along the necessary parameters (e.g., client ID, redirect URI, scope).

The user will be prompted to log in to their HubSpot account (if they're not already logged in) and authorize your app to access their HubSpot data

After the user has authorized your app, HubSpot will redirect them back to your app's specified redirect URI, along with an authorization code

Your app can then exchange this authorization code for an access token and refresh token, which can be used to make API calls to HubSpot on behalf of the user.

When making API calls to retrieve contact data from HubSpot, you can include the access token in the authorization header of the HTTP request. HubSpot's API will validate the token to ensure that the request is authorized.

Here's a link to HubSpot's OAuth 2.0 documentation, which provides more details and sample code for implementing this flow: https://developers.hubspot.com/docs/api/working-with-oauth

Thanks and Regards
Himanshu Rauthan

RGroothuis · ‎Mar 3, 2023

Thanks @himanshurauthan for the explanation. First question when reading the explanation, what are the users? Where are the users stored in HubSpot? Are users the same as Contacts?

In my App the Contacts will be paying subscribers and when the Contact has still a valid subscription he is allowed, he can login into the mobile App. This Mobile App will get a list of Companies from HubSpot and displays them in the mobile App.

Is the solution you are describing above still workable for my use case?

himanshurauthan · ‎Mar 6, 2023

In the context of the OAuth 2.0 flow and HubSpot's API, "users" generally refers to individual HubSpot users who have authenticated and authorized your app to access their HubSpot data. These users may or may not correspond to the Contacts stored in your HubSpot account, depending on how your app is designed to function.

To clarify, Contacts in HubSpot refer specifically to individual people or customers who you are engaging with, while users are individuals who have access to your HubSpot account and can perform various actions such as creating and editing content, managing settings, and so on.

In your use case, it sounds like the Contacts in your HubSpot account are paying subscribers who can log in to your mobile app and access a list of Companies. To enable this functionality, you can follow the OAuth 2.0 flow as described in the earlier explanation to authenticate and authorize these Contacts to access their HubSpot data through your mobile app.

When implementing the OAuth 2.0 flow, you can specify the necessary permissions and scopes to retrieve the contact and company data you need from HubSpot's API. Once your app has obtained the necessary access and refresh tokens, you can use them to make API calls to retrieve the relevant data and display it in your mobile app.

But you may need to customize certain aspects of the implementation to fit your specific requirements and design.

APIs & Integrations