Authentication
- HubSpot supports two different authentication mechanisms: API Key (Basic) and OAuth 2.0.0. When you authenticate an instance and include the HubSpot Portal ID, you use the latest OAuth 2.0 authentication.
- If you intend to use the new OAuth 2.0, you must also provide scope. In Sandbox or developer accounts, HubSpot Marketing will never have appropriate scope to authenticate an instance. To authenticate an element instance with a HubsSpot Marketing trial account, you must create your own connected app with limited scope. See Scope below and Authenticate for more information about how to pass scope when you authenticate with HubSpot.
Scope
When users authenticate an element instance, they authorize your app to access the data allowed by the scopes that you pass to HubSpot. The user and their associated account must have access to all scopes that you pass. In addition to user permissions, HubSpot includes two types of scopes based on account level: Marketing only and Marketing and CRM.
| Marketing Only | Marketing and CRM |
|---|---|
| content | contacts |
| reports | timeline |
| social | files |
| automation | |
| forms | |
| hubdb For website add on | |
| transactional-email For Transactional-email add on |
If you receive the following error message when authenticating, verify that the scopes you pass as part of authentication, the scopes selected in your registered app, user permissions, and account type scopes align. See Authenticate for more information about how to pass scope when you authenticate with HubSpot.
Review the HubSpot OAuth 2.0 scope documentation for the complete list of scopes.
