OAuth 1.0 scope changes?

New Member


My story:
Our application currently uses HubSpot API with OAuth v1 using the “offline” scope.

This was fine for the API calls we were hitting like COS Publishing Clone Page and Update Page until very recently.

The Empty Response
After some of our projects threw errors, we realized making these API calls were returning a 200 OK empty response when they were previously returning page objects. We relied on the response object for page ID, among other things.

The Permission Error
About two days later, hitting this same API was returning permission errors stating our application didn’t have enough privileges to make our requests. (We may have gotten this improved response by moving the access token from request parameter to the request body, as required in OAuth v2). We had not changed our scopes for a long time, so I believe behavior has likely changed in HubSpot OAuth v1.

We tested the API calls with all different kinds of OAuth v1 scopes, but nothing seemed to work. The only thing that seemed to work was OAuth v2 with the correct relevant scopes.

Long story short, we are now working to migrate to OAuth v2 to fix this issue. I posted this mainly so that other OAuth v1 users may cut some time on their troubleshooting if they are running into the same issues.

Two questions:

  1. Have there been changes made to OAuth v1 scopes?
  2. Is there a correct way to make these API calls using OAuth v1?

Thank you,

1 Reply 1
HubSpot Employee

@james I appreciate you letting us know your troubles and solution. There haven’t been any changes to OAuth1 recently. It is probably a good thing that you are moving to OAuth2 as we are shutting down OAuth1 in 3 months(this August) anyways.