User based authentication system
Jan 16, 2020 2:15 AM
I can see that only a super admin is able to authorize the OAuth app, and hence the access token is generated. After successfully generating the token, the app can be seen in the connected apps section.
After that, if I create any new user, I can see that the OAuth app is already present in the connected apps section for that user. It signifies that the token is valid at an account level.
Since different users can have different permission sets associated with them, I would like to know: if a particular user would like to access a functionality of HubSpot CRM via an external app integrated within HubSpot, how can we prevent that user from accessing CRM functionalities (say, contact record update) which are not allowed for him using an API?
Since we have the accessToken for the Super Admin user (full permission) only, we don't have any option other than to provide the same token in the API request, and that will be incorrect.