Please add a read-only login to the API

Highlighted
Occasional Contributor

Hi all;

Our product (reporting & docgen tool) only needs read-only access the the HubSpot data. Please add the means to create a login that is only allowed read-only access.

This is a safety measure, if the credentials are read-only it insures no damage is done accessing the API. We have customers where enforced read-only access is very important to them from a security perspective.

thanks - dave

Reply
0 Upvotes
2 Replies 2
Community Manager

Hi @DavidThielen,

 

Sorry for the delayed in response and I hope all is well with you Smiley Happy

 

By read-only access do you mean that those user have access to the HubSpot API key and you'd like them to get data from HubSpot API endpoint (e.g. get all contacts) however not POST data into HubSpot (e.g. create/update contact)?

 

If that's the case, this is currently not possible. As the HubSpot API key is only accessible for user who have Super Admin access in your account this means that they have full user permissions. 

 

If you're referring to restricting the user's permissions in app, you can set that up in your Users & Teams settings and you can learn more here: Edit a user's permissions

 

Hope this helps to clarify!

Reply
0 Upvotes
Occasional Contributor

Hi Wendy;

Yes, I mean the first the API access. This is a serious security vulnerability you have - that giving someone access to the API means they have full rights.

But it is what it is. 

thanks - dave

Reply
0 Upvotes