HubSpot CRM - Authentication

Authentication

  • HubSpot supports two different authentication mechanisms: API Key (Basic) and OAuth 2.0.0. When you authenticate an instance and include the HubSpot Portal ID, you use the latest OAuth 2.0 authentication.
  • If you intend to use the new OAuth 2.0, you must also provide scope. In Sandbox or developer accounts, HubSpot Marketing will never have appropriate scope to authenticate an instance. To authenticate an element instance with a HubsSpot Marketing trial account, you must create your own connected app with limited scope. See Scope below and Authenticate for more information about how to pass scope when you authenticate with HubSpot.

Scope

When users authenticate an element instance, they authorize your app to access the data allowed by the scopes that you pass to HubSpot. The user and their associated account must have access to all scopes that you pass. In addition to user permissions, HubSpot includes two types of scopes based on account level: Marketing only and Marketing and CRM.

Marketing OnlyMarketing and CRM
contentcontacts
reportstimeline
socialfiles
automation
forms
hubdb
For website add on

transactional-email
For Transactional-email add on

If you receive the following error message when authenticating, verify that the scopes you pass as part of authentication, the scopes selected in your registered app, user permissions, and account type scopes align. See Authenticate for more information about how to pass scope when you authenticate with HubSpot. HubSpot Scope

Review the HubSpot OAuth 2.0 scope documentation for the complete list of scopes.