Sep 21, 2021 5:47 AM
I'm looking to integrate my Web Form to HubSpot using the API recommended in https://legacydocs.hubspot.com/docs/methods/forms/submit_form
It works well
But the biggest drawback of this API is that there is NO AUTHENTICATION
Anyone who knows or intercepts the API call from the Website will find out the Portal ID & Form Guid and can flood my hubspot instance with lot of Form Submissions.
Any reason this API is designed this way ?
How to secure it ?
Sep 21, 2021 9:36 PM
Anyone from HubSpot Product or API team looking into this ?
Can you please share your thoughts on this.
Sep 22, 2021 11:06 AM
@ShekarC , create an idea and post to the ideas board. We have a team that monitors that for product update ideas 👍
Link your idea back here so we can upvote
Sep 22, 2021 11:12 AM
Hi @dennisedson I have done as suggested
Usually what is a typical timeline / SLA for an idea to be picked (or) do I need to pray for max number of upvotes ?
I thought my request is quite basic, unless the API product has a strong rationale that they can justify as to why there is no authentication set for this API....
Sep 22, 2021 11:15 AM
There is no timeline on an idea being picked up. The more upvotes, the more likely it will be picked up
Sep 21, 2021 6:52 AM
Hi @ShekarC ,
If this is something you really want, yes. You could look into the ReCaptcha option, but this is something that is not unique. Spam send through forms happen on all type of websites. ReCaptcha is the most common solution. But if I have a WordPress website with an exposed action, that could also be used to send spam through my website.
Sep 21, 2021 7:36 AM - edited Sep 21, 2021 7:36 AM
Hi @Teun
ReCaptcha is to prevent spam through the Form
However if a malicious user intercepts the API call made from the Website, then they can use tools like Postman to flood the Form and create junk data in my HubSpot instance
Sep 21, 2021 7:40 AM
Hi @ShekarC ,
Completely true. Would be nice to have an option to secure this. But currently, it is not available.
Sep 21, 2021 6:08 AM
Sep 21, 2021 5:57 AM
Sep 21, 2021 5:59 AM
Ah, here it is, so guess it is not relevant to your current question.