APIs & Integrations

Mahesh1250
Contributor

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Hi Experts,

 

How can we get value for "code" without logging into Hubspot account when we're hitting the URL from java code or POSTMAN? (where end-user shouldn't notice any of these actions)

 

For example: If I hit the below URL in the browser (Private mode)

https://app.hubspot.com/oauth/<<Acc-ID>>/authorize?client_id=<<client_id>>&redirect_uri=<<URI>>&scop...

 

It's asking for login to Hubspot and then redirecting to <<redirect_uri>> with query param "code".

<<redirect_uri>>/?code=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx

 

How can I authenticate via java coding to get the value for query param "code" or do we have any other way of implementation for creating Timeline events for each contact via Java code?

 

Please let me know if I need to pass any extra params to authorize automatically.

 

Please see attached screenshots for reference.Image1Image1Image2Image2

 

 

 

 

 

 

 

0 Upvotes
1 Accepted solution
IsaacTakushi
Solution
HubSpot Employee
HubSpot Employee

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Hi, @Mahesh1250.

 

Your HubSpot app only exists between the Hybris back end and your HubSpot account. End users like those logging into a Hybris-based ecommerce site will never interact with the HubSpot APIs, just with your front end.

 

Said differently, individual users do not need OAuth tokens. Instead, the Hybris back end needs one valid OAuth token per account so that it can create timeline events based on Hybris login events.

To kick off the process which gives your back end OAuth tokens, one of the users in your own HubSpot account (e.g. your test account, 6595917) must navigate to your app's authorization URL and approve the integration.

Once this is completed, your back end service can pick up the code value appended to the redirect_uri and make a request to this endpoint. If your request is valid, you will receive your first access and refresh tokens.

From this point, no user interaction is required as long as your app remains connected to account 6595917. Your back end code should refresh the access tokens whenever you need to send information from Hybris into your HubSpot account.

Isaac Takushi

Associate Certification Manager

View solution in original post

8 Replies 8
himanshurauthan
Thought Leader | Elite Partner
Thought Leader | Elite Partner

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Hii @Mahesh1250 

 

It's the standard process which is followed in an oauth 2.0.

When we initiate the oauth with Client ID and Client Secret, we need to login to HubSpot and select the specific portal which needs to be connected with the APP. It can be a case that under a single email account, we can have multiple portals registered. So here it becomes necessary to select the account/portal.

 

After a portal being selected, it asks for access to following scopes that APP uses and connects the APP with account. Thenafter, the flow get back to URL mentioned under redirect_uri with query param code which helps in getting access and refresh token.

 

Thanks.

Digital Marketing & Inbound Expert In Growth Hacking Technology
IsaacTakushi
HubSpot Employee
HubSpot Employee

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Thanks as always, @himanshurauthan!

 

Said differently, @Mahesh1250, HubSpot only uses OAuth's Authorization Code Flow, which must involve user action the first time an app is connected. There is no programmatic workaround here — a logged-in user must approve the scopes the app is requesting.

 

Once this is done, though, and your app retrieves the code from the redirect_uri and uses it to get access and refresh tokens, you don't need to involve users going forward unless the app becomes disconnected. Your app can programmatically refresh the access tokens when they expire for use in creating timeline events.

Isaac Takushi

Associate Certification Manager
Mahesh1250
Contributor

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Thanks, @himanshurauthan & @IsaacTakushi for the response.

 

How we will handle the requirement like 

- For every successful contact login into a Hybris based eCommerce website, we need to create a timeline event for that contact to know how many times he logged-in in the last 4 weeks.

Note: This eCommerce user doesn't have an account with HubSpot (not like a Google/Facebook) to enter credentials when HubSpot login screen pops up.

 

If there are multiple portals in one Hubspot account, we can send link like below to pick the exact one (6595917)

 

https://app.hubspot.com/oauth/6595917/authorize?client_id=44954df5-xxxx-xxxx-xxxx-4a2a09xxxx43&redirect_uri=http://localhost:9001/xxxx/xxx...

 

 If we click on the above URL, it'll ask me to log in. 

Question 1: can I send credentials in any way to automate the function. or can I use any other grant type(instead of authorization_code) to get an access token to create timeline events?

 

Please suggest me the best approach to achieve this requirement.

 

Thanks in advance!

 

Thanks,

Mahesh.S

0 Upvotes
IsaacTakushi
Solution
HubSpot Employee
HubSpot Employee

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Hi, @Mahesh1250.

 

Your HubSpot app only exists between the Hybris back end and your HubSpot account. End users like those logging into a Hybris-based ecommerce site will never interact with the HubSpot APIs, just with your front end.

 

Said differently, individual users do not need OAuth tokens. Instead, the Hybris back end needs one valid OAuth token per account so that it can create timeline events based on Hybris login events.

To kick off the process which gives your back end OAuth tokens, one of the users in your own HubSpot account (e.g. your test account, 6595917) must navigate to your app's authorization URL and approve the integration.

Once this is completed, your back end service can pick up the code value appended to the redirect_uri and make a request to this endpoint. If your request is valid, you will receive your first access and refresh tokens.

From this point, no user interaction is required as long as your app remains connected to account 6595917. Your back end code should refresh the access tokens whenever you need to send information from Hybris into your HubSpot account.

Isaac Takushi

Associate Certification Manager
Mahesh1250
Contributor

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Thank you very much @IsaacTakushi for the solution Smiley Very Happy

0 Upvotes
IsaacTakushi
HubSpot Employee
HubSpot Employee

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

I'm glad I could help clarify, @Mahesh1250!

 

I see your testing app is now connected to account 6595917! Let either @himanshurauthan or me know if you're having issues refreshing access tokens. It can be tricky at first.

Isaac Takushi

Associate Certification Manager
0 Upvotes
Mahesh1250
Contributor

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Hi @IsaacTakushi,

 

Thanks for your support! 🙂

 

After seeing your response, I confirmed that the first time we need to authenticate the app to get the code and by using this code we'll get access_token & Refresh_token.

 

1. Access_token will expire every 6 hours, so we need to catch the invalid token exception and need to create new access_token by using refresh_token. So in this way, we don't need to repeat step 1 (i.e.authenticate the app to get the code)  which is good.

 

Question : 

- Is there any expiration for refresh_token? If yes, how we need to handle this case in production environments?

 

Thanks,

Mahesh.S

0 Upvotes
IsaacTakushi
HubSpot Employee
HubSpot Employee

Showing up login screen, when creating a timeline events for each contact via Java Coding/POSTMAN

SOLVE

Hey, @Mahesh1250.

 

Happy to help Smiley Very Happy

 

No, refresh_token values do not expire, so you can request a new access_token at any time.

 

In fact, if your app is not making calls, you can even let the access token expire and refresh it only when you need it.

Isaac Takushi

Associate Certification Manager
0 Upvotes