Cookie content and expire information (hubspotapi -like)

SOLVE
Juliolt
Participant

Hi there!

 

My name is Julio. I am currently working in a integration of some of your endpoints to different DBs. I was asked a certain question that I don't know exactly how to answer.

 

There are some resources taken from endpoints like:

crm-search/search/beta

 

And there are some cookies that are needed such as `hubspotapi`, `hubspotapi-prefs`, or `hubspot.hub.id`. This cookies are given by our customer.

 

Is it possible to know the expiration time (if any) or the content (if any of them is encrypted with sensitive information)?

 

I can see the `hubspot.hub.id` in hubspot-cookie-security-and-privacy but I can't see `hubspotapi`.

 

Thank you!

 

Julio

0 Upvotes
1 Accepted solution

Accepted Solutions
WendyGoh
Solution
HubSpot Employee

Hey @Juliolt,

 

Happy to help clarify this!

 

hubspotapi - This cookie allows the user to access the app with the correct permissions. the cookie itself is short-lived (5mins), but the authorization will persist for 28 days if "remember me" is checked, or for 7 days if not checked. After that, we make the user login again.

 

hubspotapi-prefs - This is used with the hubspotapi cookie to remember whether the user checked the "remember me" box (controls the expiration of the main cookie's authentication). Expires after a year.


hubspotapi-csrf - This is used for CSRF prevention - preventing third party websites from accessing your data. Expires after a year.

View solution in original post

4 Replies 4
WendyGoh
Solution
HubSpot Employee

Hey @Juliolt,

 

Happy to help clarify this!

 

hubspotapi - This cookie allows the user to access the app with the correct permissions. the cookie itself is short-lived (5mins), but the authorization will persist for 28 days if "remember me" is checked, or for 7 days if not checked. After that, we make the user login again.

 

hubspotapi-prefs - This is used with the hubspotapi cookie to remember whether the user checked the "remember me" box (controls the expiration of the main cookie's authentication). Expires after a year.


hubspotapi-csrf - This is used for CSRF prevention - preventing third party websites from accessing your data. Expires after a year.

View solution in original post

Juliolt
Participant

Thank you for the clarification!

0 Upvotes
jasonmp
Member

Hi!

0 Upvotes
jasonmp
Member

Hi, what are the limitations of using UI endpoints such as this? We're looking the get data not available with the current APIs

0 Upvotes