Submit Form API has NO Authentication

ShekarC
Participant

I'm looking to integrate my Web Form to HubSpot using the API recommended in https://legacydocs.hubspot.com/docs/methods/forms/submit_form
It works well
But the biggest drawback of this API is that there is NO AUTHENTICATION
Anyone who knows or intercepts the API call from the Website will find out the Portal ID & Form Guid and can flood my hubspot instance with lot of Form Submissions.

Any reason this API is designed this way ?

How to secure it ?

0 Upvotes
10 Replies 10
Teun
Guide | Diamond Partner

Hi @ShekarC ,

 

You could check this post, which has the same question.
I do remember to see an update the past month regarding recaptcha and the submission API, not sure if it is relevant tho.
Will post it here if I find it.

Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
Teun
Guide | Diamond Partner

Ah, here it is, so guess it is not relevant to your current question.

Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
ShekarC
Participant

Hi @Teun 

So your suggestion is similar to this post where I have to build my own security layer.

0 Upvotes
Teun
Guide | Diamond Partner

Hi @ShekarC ,

 

If this is something you really want, yes. You could look into the ReCaptcha option, but this is something that is not unique. Spam send through forms happen on all type of websites. ReCaptcha is the most common solution. But if I have a WordPress website with an exposed action, that could also be used to send spam through my website.

Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
ShekarC
Participant

Hi @Teun

ReCaptcha is to prevent spam through the Form

However if a malicious user intercepts the API call made from the Website, then they can use tools like Postman to flood the Form and create junk data in my HubSpot instance

0 Upvotes
Teun
Guide | Diamond Partner

Hi @ShekarC ,

 

Completely true. Would be nice to have an option to secure this. But currently, it is not available.

Did my answer solve your issue? Help the community by marking it as the solution.
0 Upvotes
ShekarC
Participant

Anyone from HubSpot Product or API team looking into this ?

Can you please share your thoughts on this.

0 Upvotes
dennisedson
Community Manager

@ShekarC , create an idea and post to the ideas board.  We have a team that monitors that for product update ideas 👍

Link your idea back here so we can upvote

Thanks,

Dennis




Check out our Community Developer Blog
where we feature our Community driven developer podcast and how to content
0 Upvotes
ShekarC
Participant

Hi @dennisedson I have done as suggested

https://community.hubspot.com/t5/HubSpot-Ideas/Submit-Form-API-has-NO-Authentication/idi-p/498952#M9...

Usually what is a typical timeline / SLA for an idea to be picked (or) do I need to pray for max number of upvotes ?

I thought my request is quite basic, unless the API product has a strong rationale that they can justify as to why there is no authentication set for this API....

0 Upvotes
dennisedson
Community Manager

There is no timeline on an idea being picked up.  The more upvotes, the more likely it will be picked up

Thanks,

Dennis




Check out our Community Developer Blog
where we feature our Community driven developer podcast and how to content