I've doubt about HAPI and Access token, where to use

umeshnevase
Member

I've custom email subscription in my site, I've used HAPI for subscriptions, but I need to migrate to AUTH2.0. I've adding subscription by Ajax, When user fill up the form I'm adding contact by API, but if I use Auth2.0, how can I redirect user and how can I handle it by ajax. 

 

I've one doubt also, Why visiting user need the HubSpot account? as the user has to grant access, https://developers.hubspot.com/docs/methods/oauth2/oauth2-quickstart

0 Upvotes
6 Replies 6
Derek_Gervais
HubSpot Employee

Hey @umeshnevase ,

 

This post might help clarify things:

https://community.hubspot.com/t5/APIs-Integrations/HubSpot-OAuth-FAQ/m-p/262729#M23479

 

tl;dr is that the OAuth flow is designed to allow a HubSpot user to install an app to their account. Once that's done, the integrator receives an access and refresh token, which they can use to make requests on behalf of the user's account.

 

P.S. Neither authentication method (API key or OAuth token) should be used when making AJAX requests from client side Javascript, since this exposes the tokens publicly. Best practice is to make these requests server-side. I would recommend deactivating any API keys / OAuth tokens that have been exposed in client side Javascript.

0 Upvotes
umeshnevase
Member

Thanks @DerekE 

 

How do I make a request from server side? I'm making a request from the client side for subscriptions.  If you have something knowledge about please can you share with me? I'm not getting how to handle at server side.

0 Upvotes
umeshnevase
Member

@Derek_Gervais 

 

I'm sending a ajax request from client side to server and then from server, I'm making a request to Hubspot API. in API call from server to Hubspot, I'm sending API key, Sorry for the confusion. 

0 Upvotes
Derek_Gervais
HubSpot Employee

Hi @umeshnevase ,

 

No worries, thanks for clarifying! To use OAuth instead of an API Key, a user in the HubSpot account will need to complete the OAuth flow so that you can get the refresh/access tokens. Check out the OAuth Quickstart project for some example code:

 

https://developers.hubspot.com/docs/methods/oauth2/oauth2-quickstart

0 Upvotes
umeshnevase
Member

@Derek_Gervais

 

Thanks for links, I've already checked this link, but I'm not getting how to do auth2 with Ajax request. 

0 Upvotes
Derek_Gervais
HubSpot Employee

Hey @umeshnevase ,

 

I'm not totally sure what you mean here. It's not secure to make authenticated requests to the HubSpot API from frontend JavaScript, including the requests required to complete the OAuth flow.

 

Can you give me more details on what specificially you're trying to do?

0 Upvotes