One of the features we miss most is the embedded "read-only" timeline view. In working with systems where we had no ability to add HubSpot activities into their system, or when working with systems where the client wants to see latest page views, etc. in the embedded form, this gadget was extremely helpful. Many sales teams do not want another username/password to another system; the read-only view was the perfect solution for that problem.
My understanding is that it was removed for lack of security - fair point as it was set up.
Perhaps it could be brought back and secured by passing the information through the API along with a signature (much like how webhooks authentication works now with signatures). This signature could be required to be appended to the iframe URL, have a 5 minute timeout, and the remaining information could be passed through the API. This would mean one call for the data instead of trying to recreate it on our own through many different calls on the fly.
The Contact Timeline Embed functionality allows you to embed a contact timeline iframe into an external system. The iframe requires a login; you can find more details here:
The current login solution doesn't work for our clients' needs. Most of our clients that leveraged this feature are staffing companies, and their recruiters don't want to manage another login (we embed this within their ATS). Additionally, with companies that have upwards of 500 or more potential users, manually managing logins would be a full-time job in of itself.
We were hoping that there was a solution that didn't require a login, but could be secured through the API and displayed as needed.
Indeed, login is an unnecessary barrier here. Plus, for almost all details, the user still needs to go to Hubspot. They should be able to view the timeline just like in the contact page, with details (e.g., view the note right away without going to Hubspot contact page).