APIs & Integrations

Search APIs & Integrations for solutions or ask a question
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
uaslam

‎Jan 16, 2025 4:47 PM - edited ‎Jan 16, 2025 4:52 PM

Member

OAuth flow for non super admin user

SOLVE

 

Hi, we’ve integrated HubSpot APIs with our web app, and users need to connect their HubSpot accounts using the OAuth flow. During the authorization flow, we are requesting the following scopes:
 
[ "crm.objects.companies.read", "crm.objects.companies.write", "crm.objects.contacts.read", "crm.objects.contacts.write", "crm.objects.custom.read", "crm.objects.custom.write", "crm.objects.deals.read", "crm.objects.deals.write", "crm.objects.quotes.read", "crm.objects.quotes.write", "crm.objects.users.read", "crm.objects.owners.read", "crm.schemas.companies.read", "crm.schemas.contacts.read", "crm.schemas.custom.read", "crm.schemas.deals.read", "crm.schemas.line_items.read", "crm.schemas.quotes.read", "tickets" ]
Once user is connected, we can access user data and perform different api operations such as create note, task. So each user has different access token and each user can perform these operations using his own access token.
However, with these scopes, only super admin users can complete the OAuth process. When a non-super admin user attempts it, they receive an error stating that they don’t have the required permissions.
I’ve already tried granting all available permissions to the non-super admin user, but the issue persists.
My assumption is that only super admin users can access HubSpot APIs. If that’s not the case, how can I enable non-super admin users to connect their HubSpot accounts using the OAuth flow? Are there specific permissions they need to have?
Developer tools
0 Upvotes
1 Accepted solution
uaslam
Solution

3 weeks ago - last edited 3 weeks ago

Member

OAuth flow for non super admin user

SOLVE

 

These are the two scopes that a non-admin user can't access
 
"crm.objects.users.read", "crm.objects.owners.read"
but fortunately we can set them optional in Hubspot app and then send them in authorization url in optional_scope query parameter and all required scopes in scope query parameter.
So, I have set them optional, when admin will perform OAuth it will be added automatically and when a non-admin will perform OAuth, hubspot will automatically skip them.
These are the minimum permissions needed to non-admin user to perform OAuth with all above scopes except users related.

CRM objects permissions tab
  • Contacts (view, edit)
  • Companies (View, edit)
  • Deals (view, edit)
  • Tickets (view, edit)
  • Tasks (view, edit)
  • Notes (view, edit)
  • CRM emails (view, edit)
  • Meetings (view)
  • Calls (view)

Automation tab

  • Workflows (view, edit or view only)

Account Settings Access tab

  • Turn on App Marketplace access
  • Turn on Edit property settings
     

View solution in original post

7 Replies 7
zach_threadint

‎Jan 16, 2025 5:03 PM

Guide

OAuth flow for non super admin user

SOLVE

Hi @uaslam 👋

 

The HubSpot User installing your app needs to either [1] be a super admin or [2] have the "App Marketplace Access" permission. Search for "App Marketplace Access" in this HubSpot Knowledge Base article to learn more.

 

I hope this proves helpful. Please let me know if you have any follow-up questions.

All the best,

Zach

--

Zach Klein
HubSpot Integrations & App Developer
Meanjin / Brisbane, Australia



Say g'day


If my post helped answer your query, please consider marking it as a solution.


0 Upvotes
uaslam

‎Jan 16, 2025 5:36 PM - edited ‎Jan 16, 2025 5:39 PM

Member

OAuth flow for non super admin user

SOLVE

Hi, thanks for response. I have toggled on App Marketplace Access permission and additionally i have given edit contacts, deals, companies, users permission (selecting All in each section). But i still see error.

Authorization failed because you don't have permissions to authorize the scopes required by the app. Please contact your super admin to get the necessary permissions.
0 Upvotes
zach_threadint

‎Jan 16, 2025 6:42 PM

Guide

OAuth flow for non super admin user

SOLVE

Hi @uaslam 👋

 

Thanks for the update. I now notice that you're using some scopes relating to "custom objects" -- these scopes are not automatically available to Public Apps. You'll first need to request access from HubSpot for the use of these custom object scopes: https://developers.hubspot.com/custom-objects-schema-pilot

 

I hope that proves helpful. Please let me know if you have any follow-up questions.

All the best,

Zach

--

Zach Klein
HubSpot Integrations & App Developer
Meanjin / Brisbane, Australia



Say g'day


If my post helped answer your query, please consider marking it as a solution.


0 Upvotes
uaslam

a month ago

Member

OAuth flow for non super admin user

SOLVE

@zach_threadint I am only using now companies and contacts scope, see below

  [
      "crm.objects.companies.read",
      "crm.objects.companies.write",
      "crm.objects.contacts.read",
      "crm.objects.contacts.write",
      # "crm.objects.custom.read",
      # "crm.objects.custom.write",
      # "crm.objects.deals.read",
      # "crm.objects.deals.write",
      # "crm.objects.quotes.read",
      # "crm.objects.quotes.write",
      # "crm.objects.users.read",
      # "crm.objects.owners.read",
      "crm.schemas.companies.read",
      "crm.schemas.contacts.read"
      # "crm.schemas.custom.read",
      # "crm.schemas.deals.read",
      # "crm.schemas.line_items.read",
      # "crm.schemas.quotes.read",
      # "tickets"
    ]

All the scopes which are commented (has # in start) I have set them optional in app and during OAuth flow, i don't send them as a part of url in scopes. But i still see same error, any thoughts?

0 Upvotes
zach_threadint

a month ago

Guide

OAuth flow for non super admin user

SOLVE

Hi @uaslam 👋

 

Thanks for the update. This is quite interesting and, as far as I'm aware, this crossover area of app development / user permissions is not currently documented by HubSpot. Furthermore, my experience testing this has been extremely inconsistent. FYI @Jaycee_Lewis @BérangèreL 

 

All I can recommend at the moment is to ensure that each user who needs to install the app [1] has either the "App Marketplace Access" permission or is a Super Admin and [2] has permissions that closely match all of the app's scopes (whether those scopes be required, conditional or optional).

 

I hope this proves helpful.

All the best,

Zach

--

Zach Klein
HubSpot Integrations & App Developer
Meanjin / Brisbane, Australia



Say g'day


If my post helped answer your query, please consider marking it as a solution.


0 Upvotes
uaslam

4 weeks ago

Member

OAuth flow for non super admin user

SOLVE

@zach_threadint since I have enabled all permissions and we're still facing an issue. What are the solutions you recommend to resolve it. Should i reach to hubspot support?

uaslam
Solution

3 weeks ago - last edited 3 weeks ago

Member

OAuth flow for non super admin user

SOLVE

 

These are the two scopes that a non-admin user can't access
 
"crm.objects.users.read", "crm.objects.owners.read"
but fortunately we can set them optional in Hubspot app and then send them in authorization url in optional_scope query parameter and all required scopes in scope query parameter.
So, I have set them optional, when admin will perform OAuth it will be added automatically and when a non-admin will perform OAuth, hubspot will automatically skip them.
These are the minimum permissions needed to non-admin user to perform OAuth with all above scopes except users related.

CRM objects permissions tab
  • Contacts (view, edit)
  • Companies (View, edit)
  • Deals (view, edit)
  • Tickets (view, edit)
  • Tasks (view, edit)
  • Notes (view, edit)
  • CRM emails (view, edit)
  • Meetings (view)
  • Calls (view)

Automation tab

  • Workflows (view, edit or view only)

Account Settings Access tab

  • Turn on App Marketplace access
  • Turn on Edit property settings
     

Sunny

Sign up for the Developer Newsletter

Fresh content delivered to your inbox every month.
OAuth flow for non super admin user
  These are the two scopes that a non-admin user can't access   "crm.objects.users.read", "crm.objects.owners.read" but fortunately we can set them optional in Hubspot app and then send t...
  These are the two scopes that a non-admin user can't access   "crm.objects.users.read", "crm.objects.owners.read" but fortunately we can set them optional in Hubspot app and then send t...
Developers
Jan 24, 2025