Oct 3, 2019 9:01 AM - edited Nov 7, 2019 3:57 PM
We are going to change form file upload URLs to require HubSpot user authentication for access/download.
New file links will be in the following form:
We will also change the accessibility of old files. We will update the old file URLs on the submissions and contact records. The old, publicly accessible links will cease to work at that time and will return 404 responses.
HubSpot forms handle a lot of different kinds of information, some of which may be private in nature. To foster trust and ensure proper data handling, we will require HubSpot user authentication to access files uploaded via these forms.
This change is happening on October 16, 2019.
Please join the conversation here if you have any comments or questions.
Edit (11/07/2019): Link to update on changelog.
Jun 29, 2021 6:53 AM
Has there been any workaround to this issue? This seems like a relatively basic feature. We use these files to create a task for deals, which makes the task links unreadable (plus, if there are several files, the links do not even have line breaks in between and the task considers all the files as one link...). These files are crucial for sales; without them it's like cold-calling someone who left their email/phone number.
Well, a workaround is of course that you open up the contact record and see the form submission from there. BUT since sales reps mostly work with the mobile app, nothing can be seen there. Why can't these files be considered as attachments? Or at least make the task formattable via automation so people could view a link that is formatted horribly so: https://api.hubapi.com/filemanager/api/v2/files/123/signed-url-redirect?&portalId=123&filename=examp...
Or a preview of the PDF, image or any type of document?
This is very frustrating for sales reps and they have stopped updating deals (which means contact requests are not being answered). Couldn't there be an option in the form File upload where you choose whether the document is private or not?
Just suggesting some ideas from the top of my head. Hope we get some kind of workaround to this! Thanks
Feb 28, 2020 8:36 AM
Hello, good morning. So with this new URL format, is there an actual image URL within the signed-url-redirect link, or can you only access it through the redirect? Meaning this URL from HubSpot has a redirect:
and this other random image URL does not, it simply provides the image:
Feb 21, 2020 2:31 AM
HS support staff sent me here.
Our problem is related to the security change.
We have a web form where customers upload files for us. We process the files and are expected to deliver them back to the customer with the exact same file name.
But HubSpot alters the name and adds a unique ID in front of the file name. This means extra work for our staff having to edit all file names.
If we don't edit the name, our Windows folder/file name length becomes too long (more than 255 characters) and it breaks the tools we use to process the file.
The altered file name is a dealbreaker for us.
HS support referred to the security aspect mentioned by @mwelch. But since the file is still only available for the user after logging in, I don't see how the file name itself would make any difference security-wise. Other file download/upload services have managed to solve this while keeping the name intact, so I don't see why HubSpot shouldn't.
Feb 21, 2020 9:29 AM
Just a quickie here. And in my opinion, I wouldn't expect HS to do anything to remedy this/your situation. They made this decision, seemingly, without much thought or planning as to how it would affect their customers and it's basically now a "hands off" development that will not be changed.
As I'm sure you read in this thread, a lot of companies were adversely affected by this change and the prevailing thoughts from them are "too bad" - this is the way it is......
Feb 13, 2020 11:17 AM
Adding to this thread as well. We have forms in which members can upload their headshots. We had previously used the API to transfer the headshots to our platform, but this update broke that process. Looking forward to a fix.
Dec 10, 2019 3:46 PM
We have continued to work with our integration host, Zapier, and the biggest setback to this change seems to be that the authorization token expires too quickly. On the developers page, it seems that an authorization token should last six hours but during the change process we are logged out and cannot access the file.
It is frustrating to think we have a solution, or HubSpot will assist in a solution, but there seems to be problem after problem and no end in sight. It has been almost two months since this change took place, with a shoddy implementation plan that has left many customers frustrated and broken our automations.
I am concerned that HubSpot is not doing anything on their end to help their integration partners find a solution.
Nov 22, 2019 2:44 PM
This has been a big problem for our company. The forms are a great way for our customers to share special circumstances with the sales team. The customer makes the choice to send, and the expectation is that the sales team will receive it.
It caught us all by surprise. The "fix" is to make the whole sales team "users." This opens us up to all kinds of problems. Instead of being more secure, we are all less secure.
Please fix this.
Nov 6, 2019 9:50 AM - edited Nov 6, 2019 9:51 AM
Jumping in on the bandwagon so I can get email updates.
As many of you have already indicated in this thread, this functionality is severely limiting.
I have been working since July with my Human Resources team to automate a significant portion of their Applicant Tracking System because they are short-staffed and are drowning in applicants. We just launched it completely this week and so it was very disappointing to learn that we now might not be able to automate those resumes/cover letters to go to the hiring managers for the open positions.
I'm familiar with HubSpot making changes on the fly (been using them since 2016) -- and I admit that it is usually for the better -- but this change has me scratching my head. Thanks for the link to the changelog -- this is now bookmarked on my browser and I will reference it frequently.
@mwelch I really do hope you and your team come up with a solution. Maybe a toggle setting within the property to opt-in and out of this functionality? You could always default it to "on", then we (the users) could just turn it off for the ones that interact with our internal workflows. Or even if you could designate the workflow as an internal workflow so you can bypass that rule.
Nov 22, 2019 8:38 PM
We have published some sample PHP code that may help folks get started in working with this new secure download mechanism.
Nov 25, 2019 9:36 AM
Per step #1.... "Listen for a webhook for the file upload field (customer-defined, but similar to this"
I've been listening all weekend and didn't hear a thing. Other than complaints from staff, that they can't get the files they need.
Oct 28, 2019 2:28 PM
Please, is there an update on this issue, especially for those who used to connect to the HubSpot API? Is there a workaround, as this change has "killed" our automations around HubSpot?
Surely it does not make sense to keep paying the normal HubSpot subscription fees when this key feature is not available, as this situation has created manual jobs in my Organization, where we did not even have the extra manpower.
Nov 7, 2019 3:23 PM
We have posted a new changelog entry that details the updates to support authenticated access to these files, and which contains links to relevant documentation. Thanks for your patience as we built these new capabilities.
Nov 7, 2019 4:04 PM
Anyone know a developer who could record this process on a VidYard tutorial and post it? I've tried setting this up myself using the resources but it's like it's in another language. I'm completely lost.
@mwelch please look into additional options for us non-developers.
Nov 7, 2019 3:51 PM
So, in reading this... And please correct me if I'm wrong. The only way to get a file is to have a developer write an "app" of some sort? **bleep**?????
You still have not, as documented, provided a SECURE means for a regular HS user to access these files.