APIs & Integrations

ShekarC
Participant

Submit Form API has NO Authentication

I'm looking to integrate my Web Form to HubSpot using the API recommended in https://legacydocs.hubspot.com/docs/methods/forms/submit_form
It works well
But the biggest drawback of this API is that there is NO AUTHENTICATION
Anyone who knows or intercepts the API call from the Website will find out the Portal ID & Form Guid and can flood my hubspot instance with lot of Form Submissions.

Any reason this API is designed this way ?

How to secure it ?

0 Upvotes
10 Replies 10
ShekarC
Participant

Submit Form API has NO Authentication

Anyone from HubSpot Product or API team looking into this ?

Can you please share your thoughts on this.

0 Upvotes
dennisedson
HubSpot Product Team
HubSpot Product Team

Submit Form API has NO Authentication

@ShekarC , create an idea and post to the ideas board.  We have a team that monitors that for product update ideas 👍

Link your idea back here so we can upvote

Thanks,

Dennis




HubSpot Community Developer ShowMake sure to subscribe to our YouTube channel
where you can find the HubSpot Community Developer Show
0 Upvotes
ShekarC
Participant

Submit Form API has NO Authentication

Hi @dennisedson I have done as suggested

https://community.hubspot.com/t5/HubSpot-Ideas/Submit-Form-API-has-NO-Authentication/idi-p/498952#M9...

Usually what is a typical timeline / SLA for an idea to be picked (or) do I need to pray for max number of upvotes ?

I thought my request is quite basic, unless the API product has a strong rationale that they can justify as to why there is no authentication set for this API....

0 Upvotes
dennisedson
HubSpot Product Team
HubSpot Product Team

Submit Form API has NO Authentication

There is no timeline on an idea being picked up.  The more upvotes, the more likely it will be picked up

Thanks,

Dennis




HubSpot Community Developer ShowMake sure to subscribe to our YouTube channel
where you can find the HubSpot Community Developer Show
Teun
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

Submit Form API has NO Authentication

Hi @ShekarC ,

 

If this is something you really want, yes. You could look into the ReCaptcha option, but this is something that is not unique. Spam send through forms happen on all type of websites. ReCaptcha is the most common solution. But if I have a WordPress website with an exposed action, that could also be used to send spam through my website.



Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
ShekarC
Participant

Submit Form API has NO Authentication

Hi @Teun

ReCaptcha is to prevent spam through the Form

However if a malicious user intercepts the API call made from the Website, then they can use tools like Postman to flood the Form and create junk data in my HubSpot instance

0 Upvotes
Teun
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

Submit Form API has NO Authentication

Hi @ShekarC ,

 

Completely true. Would be nice to have an option to secure this. But currently, it is not available.



Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
ShekarC
Participant

Submit Form API has NO Authentication

Hi @Teun 

So your suggestion is similar to this post where I have to build my own security layer.

0 Upvotes
Teun
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

Submit Form API has NO Authentication

Hi @ShekarC ,

 

You could check this post, which has the same question.
I do remember to see an update the past month regarding recaptcha and the submission API, not sure if it is relevant tho.
Will post it here if I find it.



Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
Teun
Recognized Expert | Diamond Partner
Recognized Expert | Diamond Partner

Submit Form API has NO Authentication

Ah, here it is, so guess it is not relevant to your current question.



Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes