Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN
SOLVE
Hi Experts,
How can we get value for "code" without logging into Hubspot account when we're hitting the URL from java code or POSTMAN? (where end-user shouldn't notice any of these actions)
For example: If I hit the below URL in the browser (Private mode)
How can I authenticate via java coding to get the value for query param "code" or do we have any other way of implementation for creating Timeline events for each contact via Java code?
Please let me know if I need to pass any extra params to authorize automatically.
Please see attached screenshots for reference.Image1Image2
Your HubSpot app only exists between the Hybris back end and your HubSpot account. End users like those logging into a Hybris-based ecommerce site will never interact with the HubSpot APIs, just with your front end.
Said differently, individual users do not need OAuth tokens. Instead, the Hybris back end needs one valid OAuth token per account so that it can create timeline events based on Hybris login events.
To kick off the process which gives your back end OAuth tokens, one of the users in your own HubSpot account (e.g. your test account, 6595917) must navigate to your app's authorization URL and approve the integration.
Once this is completed, your back end service can pick up the code value appended to the redirect_uri and make a request to this endpoint. If your request is valid, you will receive your first access and refresh tokens.
From this point, no user interaction is required as long as your app remains connected to account 6595917. Your back end code should refresh the access tokens whenever you need to send information from Hybris into your HubSpot account.
It's the standard process which is followed in an oauth 2.0.
When we initiate the oauth with Client ID and Client Secret, we need to login to HubSpot and select the specific portal which needs to be connected with the APP. It can be a case that under a single email account, we can have multiple portals registered. So here it becomes necessary to select the account/portal.
After a portal being selected, it asks for access to following scopes that APP uses and connects the APP with account. Thenafter, the flow get back to URL mentioned under redirect_uri with query param code which helps in getting access and refresh token.
Said differently, @Mahesh1250, HubSpot only uses OAuth's Authorization Code Flow, which must involve user action the first time an app is connected. There is no programmatic workaround here — a logged-in user must approve the scopes the app is requesting.
Once this is done, though, and your app retrieves the code from the redirect_uri and uses it to get access and refresh tokens, you don't need to involve users going forward unless the app becomes disconnected. Your app can programmatically refresh the access tokens when they expire for use in creating timeline events.
- For every successful contact login into a Hybris based eCommerce website, we need to create a timeline event for that contact to know how many times he logged-in in the last 4 weeks.
Note: This eCommerce user doesn't have an account with HubSpot (not like a Google/Facebook) to enter credentials when HubSpot login screen pops up.
If there are multiple portals in one Hubspot account, we can send link like below to pick the exact one (6595917)
If we click on the above URL, it'll ask me to log in.
Question 1: can I send credentials in any way to automate the function. or can I use any other grant type(instead of authorization_code) to get an access token to create timeline events?
Please suggest me the best approach to achieve this requirement.
Your HubSpot app only exists between the Hybris back end and your HubSpot account. End users like those logging into a Hybris-based ecommerce site will never interact with the HubSpot APIs, just with your front end.
Said differently, individual users do not need OAuth tokens. Instead, the Hybris back end needs one valid OAuth token per account so that it can create timeline events based on Hybris login events.
To kick off the process which gives your back end OAuth tokens, one of the users in your own HubSpot account (e.g. your test account, 6595917) must navigate to your app's authorization URL and approve the integration.
Once this is completed, your back end service can pick up the code value appended to the redirect_uri and make a request to this endpoint. If your request is valid, you will receive your first access and refresh tokens.
From this point, no user interaction is required as long as your app remains connected to account 6595917. Your back end code should refresh the access tokens whenever you need to send information from Hybris into your HubSpot account.
I see your testing app is now connected to account 6595917! Let either @himanshurauthan or me know if you're having issues refreshing access tokens. It can be tricky at first.
After seeing your response, I confirmed that the first time we need to authenticate the app to get the code and by using this code we'll get access_token & Refresh_token.
1. Access_token will expire every 6 hours, so we need to catch the invalid token exception and need to create new access_token by using refresh_token. So in this way, we don't need to repeat step 1 (i.e.authenticate the app to get the code) which is good.
Question :
- Is there any expiration for refresh_token? If yes, how we need to handle this case in production environments?