APIs & Integrations

mobyvb
Participant

How can I replace my API key with Oauth and remain automated?

SOLVE

To start us off, let me share the resources I have already gone through before I made this post:

https://developers.hubspot.com/docs/api/working-with-oauth

https://community.hubspot.com/t5/APIs-Integrations/Oauth/m-p/430067 (I think this person is trying to do the same thing as me, but the "solution" did not help me)

https://community.hubspot.com/t5/APIs-Integrations/oAuth-getting-access-token/m-p/655952

 

Background

We have integrated the Hubspot API with our app on the server side. There is no direct client-side interaction with Hubspot. When a user creates an account, logs in, conducts some important action, etc..., our application's backend sends behavioral events or form submissions to Hubspot, using our Hubspot API key.

 

Hubspot announced that API keys will be sunsetted at the end of November https://developers.hubspot.com/changelog/upcoming-api-key-sunset, so I am trying to find any possible way to continue using Hubspot with no downtime. The sunset link first suggests to migrate to use a Private App with access tokens. This is not an option for us, as we rely on behavior that Private Apps do not have (e.g. custom behavioral events), and our "integration is intended to be used by multiple HubSpot accounts" (I'm pretty sure).

So the remaining option is "Public App Using Oauth 2.0", which is documented here: https://developers.hubspot.com/docs/api/working-with-oauth

This is a direct quote from the docs which has been the main road block for me:

Send users installing your app to the authorization URL, where they'll be presented with a screen that allows them to select their account and grant access to your integration. After granting access, they'll be redirected back to your application via a redirect_url, which will have a code query parameter appended to it

Users of our app do not have direct interaction with Hubspot. The  communication with Hubspot is directly from our backend -> Hubspot's API. I understand that once you have an access token and refresh token, it is simple enough to automate api requests after that. But I need to be able to automate getting the access token in the first place. That means a system that requires a human being to interface with a UI in order to send data to Hubspot will not work for me.

 

Final thoughts/summary

November 30th is getting pretty close and I'm nervous about whether we'll be able to migrate our server-to-server Hubspot integration off of Hubspot API keys before then. The main issue is that I cannot figure out how to completely automate authentication for API requests to a Public App, without using a Hubspot API Key. All the resources I have found pertaining to Hubspot+Oauth suggest that human intervention is required to initialize authentication.

0 Upvotes
2 Accepted solutions
Mike_Eastwood
Solution
Key Advisor | Gold Partner
Key Advisor | Gold Partner

How can I replace my API key with Oauth and remain automated?

SOLVE

Hi @mobyvb 

 

You only need to manually Authorize the OAuth once. You can then store your Refresh Token on your server (we keep ours in a database to refresh it easily) and refresh the tokens with code.

 

Check out the SDKs here.  And here are some sample apps using OAuth.

 

Double check the Scopes before you start (which are important with OAuth). 

 

Have fun

Mike

 

p.s. thank you for the mention @Jaycee_Lewis 

View solution in original post

himanshurauthan
Solution
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

How can I replace my API key with Oauth and remain automated?

SOLVE

Hello @Jaycee_Lewis and @mobyvb,

 

So you can either use the private app (but they do not have custom behavioral events) that you are using, or you can use the OAuth 2.0. For that, you need to send an authorization URL, where the user can select the portal and then, get back to your redirect_url. Then, you can save the access token and refresh token but this will also not going to work for you.

 

You can directly connect to Hubspot support, ask for an alternative to the API key, or add custom behavioral events that you are using in your app so that you can use the private app instead of the API key.

 

Regards,

Digital Marketing & Inbound Expert In Growth Hacking Technology

View solution in original post

4 Replies 4
himanshurauthan
Solution
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

How can I replace my API key with Oauth and remain automated?

SOLVE

Hello @Jaycee_Lewis and @mobyvb,

 

So you can either use the private app (but they do not have custom behavioral events) that you are using, or you can use the OAuth 2.0. For that, you need to send an authorization URL, where the user can select the portal and then, get back to your redirect_url. Then, you can save the access token and refresh token but this will also not going to work for you.

 

You can directly connect to Hubspot support, ask for an alternative to the API key, or add custom behavioral events that you are using in your app so that you can use the private app instead of the API key.

 

Regards,

Digital Marketing & Inbound Expert In Growth Hacking Technology
Mike_Eastwood
Solution
Key Advisor | Gold Partner
Key Advisor | Gold Partner

How can I replace my API key with Oauth and remain automated?

SOLVE

Hi @mobyvb 

 

You only need to manually Authorize the OAuth once. You can then store your Refresh Token on your server (we keep ours in a database to refresh it easily) and refresh the tokens with code.

 

Check out the SDKs here.  And here are some sample apps using OAuth.

 

Double check the Scopes before you start (which are important with OAuth). 

 

Have fun

Mike

 

p.s. thank you for the mention @Jaycee_Lewis 

mobyvb
Participant

How can I replace my API key with Oauth and remain automated?

SOLVE

Thank you @Mike_Eastwood - this was the answer that worked for me. We ran a Hubspot Private app locally in order to retrieve the refresh token, then we configured our server backend to use this refresh token in order to send the api requests that we were sending previously using the api key.
Thanks a lot 🙂

Jaycee_Lewis
Community Manager
Community Manager

How can I replace my API key with Oauth and remain automated?

SOLVE

Hi, @mobyvb 👋 Thanks for reaching out. Hey, @himanshurauthan @Mike_Eastwood, have you tackled anything like this for your projects or for a client?

 

Best,

Jaycee

linkedin

Jaycee Lewis

Developer Community Manager

Community | HubSpot

0 Upvotes