HubSpot Ideas

WaydeChristie1

Refreshing custom code secrets

Hi folks,

 

I'm using several external APIs in workflow custom code actions which require their API tokens to be regularly refreshed.

 

I could create a separate workflow to refresh these tokens on a regular basis, but I have no way of storing them anywhere in Hubspot. I also do not want to refresh the tokens every time my workflows run.

 

Ideally there would be a Hubspot API endpoint which would enable me to update our custom code secrets, but that doesn't currently exist.

 

Thanks in advance.

6 Replies
WaydeChristie1
Contributor

As an update I've ended up using HubDB to store my access token. It's not ideal because it's visible, but it works.

 

I'd still much prefer to have the ability to update my custom code secrets using a Hubspot API endpoint.

rvzello
Contributor

Example use case: Zoominfo's API requires the refreshing of the JWT every 60 minutes but specifically prohibits the use of the authentication endpoint more than once a second. Enhanced secret management, whether it's the handling of additional authentication method, or a secret endpoint, would be very much welcome.

 

johnphilipking
Participant

This functionality would also help me. I'm building out some integration with the Webex API and the access token has to be renewed fairly often. 

JTBuys
Top Contributor | Platinum Partner

I am also running into this limitation with a Glia api implementation within CCAs. Adding an endpoint or workflow action to update secrets would make Ops Hub even more extensible. As an agency, we try to sell Ops Hub Ent to every client we work with. This functionality would help convince prospects of the native integration capabilities of HubSpot.

fm-hcarvalho
Participant

Upvote!! this is really needed 

ess_rey
Member

Late, but I've been able to handle this in the past using global variables. It's at the very end of the documentation:

  • Variable re-use: to save memory, any variables declared outside the exports.main function may be re-used for future executions of the custom code action. This is useful when connecting to external services like a database, but any logic or information that needs to be unique to each execution of the custom code action should be inside the exports.main function.

If you're using Python for your custom code, take note of the following caveats:

 

  • Variable re-use: similar to the above, any variables declared outside the def main function may be re-used for future executions of the custom code action.
    • If you've declared a variable outside the def main function but do not plan on altering it, you can reference the variable directly.
    • If you plan on altering a variable, you can declare the variable within the def main function with a global keyword before referencing it.

So you would just need some logic to evaluate if your current token has expired. Save the current token as a global variable along with whatever timestamp/number you'll use for comparison (some APIs will give you the expiration time, time to expiration, etc.). Then you'll have a function to generate a new auth token that you only call if the global auth token variable is null or time is up on the global expiry variable instead of just using your refresh token (saved as a secret/env var) on every execution, which could hit rate limits.