INVALID_AUTHENTICATION using API Key method

VEspo · ‎Mar 23, 2021

When I make this call from within Postman it works fine, but when I try to call it from my website I get the error at the bottom. Please advise why this would happen

https://api.hubapi.com/crm/v3/objects/contacts?hapikey=<my api key>?&limit=3&archived=false&properti...

401{"status":"error","message":"Authentication credentials not found. This API supports both API Key and OAuth 2.0 authentication and you can find more details at https://developers.hubspot.com/docs/methods/auth/oauth-overview","correlationId":"42b2380c-ebd3-422c..."}

HubSpot Account 8835722

VEspo · ‎Mar 31, 2021

I did. You can close this thread. I'm giving up on the API Key auths -- was able to get the oAuth working. Thanks!

View solution in original post

SKumar62 · ‎Aug 26, 2022

The issue remains with Auth token also.
Very disappointed.

DSvilpa · ‎Feb 26, 2022

Hi Guys, I solve it pretty quickly. The issue is Hubspot documentation for API_key is outdated, I assume because its a less secure method of authentification, especially if you send it through query parameters.

I can confirm, for api_key (not private app which uses auth2 auth), you need to use bearer authorisation, which does append it to the headers of the request.

import requests
endpoint = ".../api/ip"
data = {"ip": "1.1.2.3"}
headers = {"Authorization": "Bearer MYREALLYLONGTOKENIGOT"}

print(requests.post(endpoint, data=data, headers=headers).json())

VEspo · ‎Mar 31, 2021

I did. You can close this thread. I'm giving up on the API Key auths -- was able to get the oAuth working. Thanks!

malcolm1 · ‎Mar 30, 2021

It's working in Postman. Have you tried copying the working code using Postman's "code" converter to see what you get?

VEspo · ‎Mar 30, 2021

Yes -- I've tried sending it from both my localhost and website -- get the same error record for both

RMones · ‎Mar 29, 2021

Are u sure the API is send with the request from your website?

VEspo · ‎Mar 26, 2021

No - was using the API Key method -- same inside of Postman

VEspo · ‎Mar 25, 2021

Actually - the cookie doesn't do anything. I deleted it in Postman and it still ran. My code (outside of Postman) still gets a 401 Unauthorized response when I copy and paste from their code

malcolm1 · ‎Mar 25, 2021

Aren't you passing a Bearer token?

VEspo · ‎Mar 25, 2021

Thanks Malcom -- Authoorization Type = No Auth. The only thing I see different in the Postman code is that it is sending thru a cookie in the request header - I'm not finding anything about that in the documentation or endpoints.

dennisedson · ‎Mar 24, 2021

Hi @VEspo

When you say from my website? Are you using this in the front end js?

If so, I would highly recommend not doing that as you will expose the API key.

If not, can you give us some more details about what you are doing?

@malcolm1 might be able to help once we have some more info 😀

VEspo · ‎Mar 24, 2021

I’m the programmer for a customer who has a paid HubSPot account with you. They have the bulk of their data in an SQL database which connects to the website and their backend admin. They want me to keep their database and their HubSpot data in sync with your APIs – so I am trying to call your contacts API via a winhttp call from their website. It’s in ASP – and they have SSL on the site .. the key is not exposed. We do this with GHIN/USGA, MemberPlanet, GolfGenius, and many others. The main goal is to add/update/search and create contacts, as well as pulling changes and getting a full list of the contact IDs to match up to their SQL records. Nothing else at this time.

malcolm1 · ‎Mar 24, 2021

If it works in Postman then you have the right targets and the right data structures. Look at the way in which Postman is handling authentication and copy that into your winhttp call. By the way, do you know about Postman's "copy as..." command? It generates the same call that you are making via Postman in dozens of different languages.

off-topic: I sometimes which I could route the calls through my postman collection. It would be my secret power-tool.

APIs & Integrations