Custom Objects with OAuth2

Kenan · ‎Sep 17, 2020

Hallo,

I have a developer App which is authenticated with my portal. All Api requests are going through but when I try accessing custom objects with the access tokens i get a "403 Forbiden" with the following message:

{
    "status": "error",
    "message": "App ******* is gated for custom CRM object types",
    "correlationId": "058b4d20-ba6c-4b22-b9d4-0accd5e5910a",
    "context": {
        "portalId": [
            "*******"
        ],
        "appId": [
            "*******"
        ]
    },
    "category": "GATED"
}

I gave the developer app all possible scopes and still got the same error.

What am i doing wrong? and is it possible to change the custom objects to free (ungated)?

Thanks
Kenan Alsabbagh

WendyGoh · ‎Sep 22, 2020

Hey @Kenan,

Thanks for providing further information.

Digging further into this, I was able to confirm that currently OAuth apps do not have create or edit access to custom objects, but they do have read access to the schemas. Therefore, if you are using OAuth to create the custom objects, a scope error will occur.

The reason is because giving apps create/edit access to schemas would allow apps to create custom objects for any portal in which they are installed. Custom objects are intended to be one-off and portal-specific. Allowing apps to create custom objects across any portal their app is installed in could lead to a messy experience for customers with many apps installed.

View solution in original post

Tim_Munro · ‎Oct 5, 2020

For the benefit of others, as of today OAuth based querying of custom objects records is now working.

davidoff2drew · ‎Oct 5, 2020

@WendyGoh I gotta ask, if this isn't possible, why is there an app on the right now marketplace that does all of these things?

Tim_Munro · ‎Oct 4, 2020

Hey @WendyGoh - in HubSpot test portals (e.g. portal 8582993) this same error message is returned when using OAuth to list (GET) records from CRM Custom Objects. Example:

GET https://api.hubapi.com/crm/v3/objects/p8582993_my_object?limit=100&properties=hs_all_accessible_team...

I dont believe that is correct/expected as according to the documentation OAuth authenticated API calls should be able to read/write records. Making the same call using the API key works OK. These are the scopes that were granted to when running this test:

contacts crm.objects.custom.read crm.objects.custom.write crm.schemas.custom.read

When authorizing the app it indicates that read/write custom object records permissions is being granted to the App.

Have I missed something here, e.g. is there an App approval process needed?

Thanks, Tim

WendyGoh · ‎Sep 21, 2020

Hey @Kenan,

Currently, the custom object is in beta and will be roll out tomorrow and it is only available for Enterprise users.

Can I check if the portal that you'd installed the app on, is on a enterprise subscription?

If so, could you share with me the app ID and portal ID in question?

Kenan · ‎Sep 21, 2020

Hi Wendy,

The entire thing should be rolled out as soon as possible on our enterprise subscription. But i am in the final testing stage on a test account. And custom objects are already available for us on both accounts (test and live).

Test System:

AppID: 227665
PortalID: 7157252

Thanks in advance
Kenan Alsabbagh

WendyGoh · ‎Sep 22, 2020

Hey @Kenan,

Thanks for providing further information.

Digging further into this, I was able to confirm that currently OAuth apps do not have create or edit access to custom objects, but they do have read access to the schemas. Therefore, if you are using OAuth to create the custom objects, a scope error will occur.

The reason is because giving apps create/edit access to schemas would allow apps to create custom objects for any portal in which they are installed. Custom objects are intended to be one-off and portal-specific. Allowing apps to create custom objects across any portal their app is installed in could lead to a messy experience for customers with many apps installed.

HBhati · ‎Jul 22, 2022

Hi @WendyGoh
Do OAuth access tokens have access now to create or edit access to custom objects?

nyergler · ‎Sep 28, 2020

Thanks for digging into this, @WendyGoh . I just burned an hour trying to figure out the same issue, would it be possible to get the documentation updated to reflect this? Right now the CRM Custom Objects Schema docs show that the call should work with OAuth, and list an OAuth scope for the schema mutation calls.

Thanks again for all the guidance on here!

Nathan

WendyGoh · ‎Sep 30, 2020

Hey @nyergler,

Thanks for the feedback and I've passed it along to the internal team 🙂

Kenan · ‎Sep 22, 2020

Hi @WendyGoh,

Thank you for your answer.

Kenan Alsabbagh

APIs & Integrations