V3 instructions followed but require app secret that is no longer supplied.

JMerholtz · ‎May 9, 2022

Hello,

I am currently working on authenticating webhook calls to my application using the V3 method here.

https://developers.hubspot.com/changelog/introducing-version-3-of-webhook-signatures

However, the private apps feature for my customer's account were disabled and I can no longer see the app secret. I was later told by a support person that I should be able to use the Private App Access Token in lieu of the secret field being deprecated.

Try as I might though, I cannot get the hashs to match. So are we suppose to use the secret or can we truly use the token?

JMerholtz · ‎May 11, 2022

So I was told from a Rep that this feature was specifically removed from the private app due to a security implication. The work around? Use a public app instead.

New question to follow up on topic: Why would a public app, that uses the exact same functionality as the private app, be the option to use when private apps had that taken away due to a security implication?

Jaycee_Lewis · ‎May 10, 2022

Hey, @JMerholtz Thanks for the interesting question. Let's see if our community has any insight here – @miljkovicmisa and @JBeatty do you have any guidance for @JMerholtz ?

Thank you so much! – Jaycee

Jaycee Lewis

Developer Community Manager

Community | HubSpot

JMerholtz · ‎May 10, 2022

I think I found my answer:
https://community.hubspot.com/t5/APIs-Integrations/OAuth2-authorization-for-Private-Apps-issues/m-p/...

TL;DR: Hubspot removed the ability to use Private Apps for webhooks.

JMerholtz · ‎May 10, 2022

If someone from Hubspot can confirm that this is, indeed, the case, I would be very appreciative.

APIs & Integrations