I built an application months ago that creates several custom Timeline Event Types and then a user of our app can create custom Timeline Events of those Types on a Contact.
So far we've only used it with our own HubSpot Trial account but we are ready to publish it to the Marketplace.
We tested it in our own Test Account and everything worked fine.
My app uses OAuth to authenticate and has these scopes:
contacts
timeline
oauth
I'm not sure what changed or when, but now when I try to Get Timeline Event Types using my OAuth-authenticated account (which is a Super User), I get this 403 Forbidden exception:
Account '6787334' is not authorized to access Application '205036'
But I used OAuth to permit Application 205036 in account 6787334 as shown in this screenshot:
Why would you need the API key of the Developer to create timeline events in the Target Portal? After all, you already have the user OAuth authorized, you have the refresh token. Why is the API key even necessary?