At the moment there is no way to access hidden files over the API. Meaning that almost any files that are related to engagements are not accessible to the users.
Also, there is no export capability for that. Basically this makes it totally impossible to access your own data in HubSpot account.
despite of that the 'access' property stays unchanged - "access": "HIDDEN_PRIVATE"
Therefore what we really need here is a possibility to change the 'hidden' flag of the file true/false.
Still, it is possible to access hidden files via API call (at least in case of tickets associations - engagements -> NOTE and note points to attachment).
I am not able to say if it is possible with other 'hidden' files from deal etc. Please feel free to try it out.
This solution also requires calling for every file because a signed URL gives access to one "HIDDEN_PRIVATE" file at a time.
Getting access to attached files would be extemely useful for our automation needs. And could also be very useful way to purge attachments for privacy when we archive old deals.
It seems that enabling the scope "files_ui_hidden.read" has solved the issue for me using the v3 API, as mentioned in the CMS API here (Changes in V3 section): https://developers.hubspot.com/docs/api/files/files
One needs to go to the private app settings (or OAuth if you're using it?) and enable this scope for the given private app. I'm still testing for full details but I expect to be able to use a combination of this scope to get metadata and the signed url to get the file itself.
In the V3 Files API, to access any PRIVATE_HIDDEN files you have to have the `files.ui_hidden.read` scope (on top of the regular `files` scope) and use
`/files/v3/files/FILE_ID` and `/files/v3/files/FILE_ID/signed-url` endpoints.
You CANNOT use the search endpoint. The search endpoint does not search PRIVATE_HIDDEN files. But I would love this.
You also CANNOT change the `access` of a PRIVATE_HIDDEN file using the "update file properties" PATCH (/files/v3/files).
Hi all, I work on the files team and can shed some light here.
The public service: `/files/v3/files/*` endpoints, do not have access to hidden files, it actually reads out of a search index where hidden files are not indexed, the same index that files dashboard uses. This was a decision we made because hidden files were used as internal system files that other apps used for their app-specific hosting needs historically. Due to this fact, it could be dangerous for a user to update or delete them as it could damage the experience in the owning app. The files app was created for a CMS-only use case originally, but as it has grown and been adopted by other hubs, we recognize the need for customers to have access to their files and for there to be a unified files experience across apps and hubs. We have plans to index and expose crm attachments in the aforementioned search index the near future. This will hopefully improve the crm-records experience and give integrators access to them through the public api.
P.S. Hidden files are not accessible through the public service but should be able to be accessed via the legacy internal apis that are are exposed to ExternalAuth: `filemanager/api/v2/files/{fileId}/singed-url-redirect` `filemanager/api/v2/files/{fileId}/signed-url`
