La fonction de suggestion automatique permet d'affiner rapidement votre recherche en suggérant des correspondances possibles au fur et à mesure de la frappe.
Enforcing HTTPS for all outgoing requests made by the HubSpot platform
What’s happening?
HubSpot has multiple systems that can make outgoing requests to your integration, such as webhooks for getting notifications of updates in HubSpot, or CRM extensions which fetch data from your app to be displayed inside HubSpot. Currently, these requests allow for the specified request URL to use HTTP, and does not force the URL to use HTTPS. These requests can contain sensitive information, such as property values for records in HubSpot, and any URLs using HTTP would mean this data is being sent unencrypted. In order to make sure that HubSpot data is being sent securely, we’re going to start requiring that all outgoing URLs use HTTPS.
What’s changing?
Starting immediately, we’ll be requiring all new URLs to use HTTPS. Existing URLs will continue to function until December 4th, at which point we’ll be disabling any subscriptions that are still using HTTP. If your integration uses any of the systems mentioned below, we strongly recommend that you make sure that your systems support HTTPS requests, and that all of your subscription and fetch URLs are set to HTTPS before December 4th.
What systems are affected?
The following systems will be affected by this update:
Enforcing HTTPS for all outgoing requests made by the HubSpot platform
Hi all,
In order to give teams some flexibility during the winter holiday season, the deadline to migrate existing HTTP webhook URLs is being moved to Tuesday, January 15th 2019. All other details in this post remain unchanged.
Enforcing HTTPS for all outgoing requests made by the HubSpot platform
I have an SSL certificate on my site, but for some reason when I use HTTPS in HubSpot application webhook subscriptions it doesn't work, whereas when I use it in regular webhook triggers in workflows it does work.
I now have quite a critical issue for a client as I went in to test the change to HTTPS for their app in my developer portal, it doesn't work and now it won't allow me to change it back to HTTP.
Could you please take a look at it urgently as my client will be expecting to use the integration tomorrow?
The app I changed to HTTPS is Inbound Addons Deals, app id 58833. You'll see the errors there.
I'd appreciate your assistance as soon as possible please.
Enforcing HTTPS for all outgoing requests made by the HubSpot platform
@Derek_Gervais, can you please take a look at my question above urgently please as my client will be needing to use this within a couple of hours. Can you at least change that webhook subscription back to http until we work it out?
Enforcing HTTPS for all outgoing requests made by the HubSpot platform
No problem, thanks for following up! We're working on some documentation updates to make the webhooks local testing scenario more approachable and hope to have that released soon.
Enforcing HTTPS for all outgoing requests made by the HubSpot platform
I also have a problem with this. We use ngrok to test our webhooks between our test portal and the local / dev environment of our application.
It won't work witth https as we can't have a certificate.
I don't see any solution to this, and I'm sad.
I would rather have a big button asking me if I really want to use http (with the explanation above), and let the user decide if they want to accept the risks. Then it's the user's problem, not hubspot's.
I believe ngrok supports both HTTP and HTTPS tunnels natively.
ngrok by @inconshreveable (Ctrl+C to quit)
Session Status online
Account me@example.com (Plan: Free)
Version 2.2.8
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding http://d1e4f9ed.ngrok.io -> localhost:12345
Forwarding https://d1e4f9ed.ngrok.io -> localhost:12345
Could you try using the https URL generated with ngrok in the webhooks configuration? If that doesn't meet your needs, I'd love to hear what error conditions you're seeing so that we can make the experience both secure and easy to adopt.