Not authorized to access application

SOLVE
mstralka
Member

I built an application months ago that creates several custom Timeline Event Types and then a user of our app can create custom Timeline Events of those Types on a Contact.

 

So far we've only used it with our own HubSpot Trial account but we are ready to publish it to the Marketplace.

 

We tested it in our own Test Account and everything worked fine.

 

My app uses OAuth to authenticate and has these scopes:

  • contacts
  • timeline
  • oauth

I'm not sure what changed or when, but now when I try to Get Timeline Event Types using my OAuth-authenticated account (which is a Super User), I get this 403 Forbidden exception:

Account '6787334' is not authorized to access Application '205036'

But I used OAuth to permit Application 205036 in account 6787334 as shown in this screenshot:

https://www.screencast.com/t/zaFLdiUeTAUl

 

If I use the hapikey instead of the OAuth access token, it works fine.

 

I've never had to use the hapikey before, and understand that the use of API Keys is discouraged.

 

Does anyone know why an OAuth access token would stop working for Timeline Event Type-related API calls?

0 Upvotes
1 Accepted solution

Accepted Solutions
WendyGoh
Solution
HubSpot Employee

Hi ,

 

When using this endpoint Get Timeline Event Types, it is the intended and documented behavior that you should work only with a developer hapikey

 

The reason it was working before which should not have been working, was an unintended behavior. 

 

As timeline event is attached to a dev portal, we would need to use the developer hapikey instead of OAuth authentication. 

View solution in original post

0 Upvotes
2 Replies 2
WendyGoh
Solution
HubSpot Employee

Hi ,

 

When using this endpoint Get Timeline Event Types, it is the intended and documented behavior that you should work only with a developer hapikey

 

The reason it was working before which should not have been working, was an unintended behavior. 

 

As timeline event is attached to a dev portal, we would need to use the developer hapikey instead of OAuth authentication. 

View solution in original post

0 Upvotes
advance512
Contributor

Why would you need the API key of the Developer to create timeline events in the Target Portal? After all, you already have the user OAuth authorized, you have the refresh token. Why is the API key even necessary?

0 Upvotes