I've doubt about HAPI and Access token, where to use
I've custom email subscription in my site, I've used HAPI for subscriptions, but I need to migrate to AUTH2.0. I've adding subscription by Ajax, When user fill up the form I'm adding contact by API, but if I use Auth2.0, how can I redirect user and how can I handle it by ajax.
tl;dr is that the OAuth flow is designed to allow a HubSpot user to install an app to their account. Once that's done, the integrator receives an access and refresh token, which they can use to make requests on behalf of the user's account.
P.S. Neither authentication method (API key or OAuth token) should be used when making AJAX requests from client side Javascript, since this exposes the tokens publicly. Best practice is to make these requests server-side. I would recommend deactivating any API keys / OAuth tokens that have been exposed in client side Javascript.
How do I make a request from server side? I'm making a request from the client side for subscriptions. If you have something knowledge about please can you share with me? I'm not getting how to handle at server side.
I'm sending a ajax request from client side to server and then from server, I'm making a request to Hubspot API. in API call from server to Hubspot, I'm sending API key, Sorry for the confusion.
No worries, thanks for clarifying! To use OAuth instead of an API Key, a user in the HubSpot account will need to complete the OAuth flow so that you can get the refresh/access tokens. Check out the OAuth Quickstart project for some example code:
I'm not totally sure what you mean here. It's not secure to make authenticated requests to the HubSpot API from frontend JavaScript, including the requests required to complete the OAuth flow.
Can you give me more details on what specificially you're trying to do?