APIs & Integrations


CRM Cards and Multi-Tenant SaaS

We have a multi-tenant SaaS application and are looking to provide a Card to customers. What is the recommended way of securely adding a Tenant ID to the requests that HubSpot makes to our endpoint?


Current situation:

  • User adds the App to their instance
  • Card call my app, passing a UserId and UserEmail
    • This UserEmail MIGHT be associated with more than one Tenant in my app;
    • and is it not possible that a use can spoof their email in HubSpot (rare, but possible attack vector)

Ideal is that the callback URL, includes a Tenant / My System ID in a hashed or trusted manner.



0 Replies 0

0 Replies

No replies on this post just yet

No one has replied to this post quite yet. Check back soon to see if someone has a solution, or submit your own reply if you know how to help! Karma is real.

Reply to post

Need help replying? Check out our Community Guidelines