SAP Open Connectors

HubSpot CRM Authenticate a Connector Instance

You can authenticate with HubSpot to create your own instance of the HubSpot CRM connector through the UI or through APIs. Once authenticated, you can use the connector instance to access the different functionality offered by the HubSpot platform.

Authenticate Through the UI

Use the UI to authenticate with HubSpot and create a connector instance. Because you authenticate with HubSpot via OAuth 2.0, all you need to do is add a name for the instance. After you create the instance, you'll log in to HubSpot to authorize SAP Open Connectors access to your account. For more information about authenticating a connector instance, see Authenticate a Connector Instance (UI)

After successfully authenticating, we give you several options for next steps. Make requests using the API docs associated with the instance, map the instance to a common resource, or use it in a formula template.

Authenticate Through API

You can authenticate with HubSpot CRM in one of two ways: OAuth 2.0 and API Keys. HubSpot CRM recommends API Keys for prototyping and OAuth 2.0 for production integrations. For more information, review HubSpot CRM's Authentication Overview. Go to the section that matches your authentication method:

OAuth API Authentication

Authenticating through API using OAuth 2.0 is a multi-step process that involves:


1
Redirect URL




2
Authenticate Users




3
Authenticate Instance


Getting a Redirect URL


1
Redirect URL




2
Authenticate Users




3
Authenticate Instance


Use GET /{page.elementKey}/oauth/url to request a redirect URL and pass scope to Hubspot. The scope parameter values that you include in the request must match the permissions granted to the authorizing user and their account. Some scopes apply only to Marketing accounts (such as content, reports, social, and automation) while others apply to both Marketing and CRM accounts (such as crm.objects.contacts.read, timeline, and files). If you include Marketing scopes when authenticating with Hubspot CRM, users will receive a Permissions error if their account does not include Marketing permissions.

To be certain that your users can authenticate, you should pass the specific scopes granted to the users and their account. Review the Hubspot OAuth 2.0 scope documentation for the complete list of scopes.

However, if you do not pass any scopes or pass scope without any values, see the table below for the default scopes passed with the GET /{page.elementKey}/oauth/url request.

Scope ParameterDefault Scope
Hubspot CRM with no scope parameter
ex. GET /{page.elementKey}/oauth/url?apiKey=...&apiSecret=...&callbackUrl=...
crm.objects.contacts.read, crm.objects.deals.read, crm.objects.companies.read, timeline, and files
Hubspot CRM with a scope parameter with no value
ex. GET /hubspotcrm/oauth/url?apiKey=...&apiSecret=...&callbackUrl=...&scope=
crm.objects.contacts.read, crm.objects.deals.read, crm.objects.companies.read, timeline, files, content, reports, social, automation, forms, sales-email-read
Hubspot Marketing with no scope parameter
ex. GET /{hubspot}/oauth/url?apiKey=...&apiSecret=...&callbackUrl=...
crm.objects.contacts.read, crm.objects.deals.read, crm.objects.companies.read, timeline, files, content, reports, social, automation, forms
Hubspot Marketing with a scope parameter with no value
ex. GET /hubspot/oauth/url?apiKey=...&apiSecret=...&callbackUrl=...&scope=
crm.objects.contacts.read, crm.objects.deals.read, crm.objects.companies.read, timeline, files, content, reports, social, automation, forms

The examples below include recommended scope values. For Hubspot Marketing Basic account users, we recommend not including the automation scope.

Use the following API call to request a redirect URL where the user can authenticate with the service provider. Replace {keyOrId} with the connectors key, hubspotcrm.

curl -X GET "/elements/{keyOrId}/oauth/url?apiKey=<api_key>&apiSecret=<api_secret>&callbackUrl=<url>&scope=crm.objects.contacts.read%20timeline%20files"

Query Parameters

Query ParameterDescription
apiKeyThe key obtained from registering your app with the provider. This is the Client ID that you recorded in API Provider Setup.
apiSecretThe secret obtained from registering your app with the provider. This is the Consumer Secret that you recorded in API Provider Setup.
callbackUrlThe URL that will receive the code from the vendor to be used to create a connector instance.
scopeA space separated set of Hubspot scopes that your app can access. Scopes listed in this parameter are required for your app, and the user will see an error if they do not have access to any scope that you included.

Example cURL

curl -X GET \
  'https://api.openconnectors.us2.ext.hana.ondemand.com/elements/api-v2/elements/hubspotcrm/oauth/url?apiKey=fake_api_key&apiSecret=fake_api_secret&callbackUrl=https://www.mycoolapp.com/auth&state=hubspotcrm&scope=crm.objects.contacts.read%20timeline%20files' \

Example Response

Use the oauthUrl in the response to allow users to authenticate with the vendor.

{
"element": "hubspotcrm",
"oauthUrl": "https://login.hubpot.com/services/oauth2/authorize?response_type=code&client_id=fake_api_key&client_secret=xyz789&scope=full%20refresh_token&redirect_uri=https://www.mycoolapp.com/auth&state=hubspotcrm"
}

Authenticating Users and Receiving the Authorization Grant Code


1
Redirect URL




2
Authenticate Users




3
Authenticate Instance


Provide the response from the previous step to the users. After they authenticate, HubSpot CRM provides the following information in the response:

  • code
  • state
Response ParameterDescription
codeThe Authorization Grant Code required by SAP Open Connectors to retrieve the OAuth access and refresh tokens from the endpoint.
stateA customizable identifier, typically the connectors key (hubspotcrm) .
Note: If the user denies authentication and/or authorization, there will be a query string parameter called error instead of the code parameter. In this case, your application can handle the error gracefully.

Authenticating the Connectors Instance


1
Redirect URL




2
Authenticate Users




3
Authenticate Instance


Use the /instances endpoint to authenticate with HubSpot CRM and create a connector instance. If you are configuring events, see the Events section.

Note: The endpoint returns a connector instance token and id upon successful completion. Retain the token and id for all subsequent requests involving this connectors instance.

To create a connector instance:

  1. Construct a JSON body as shown below (see Parameters):

    {
      "element": {
        "key": "hubspotcrm"
      },
      "providerData": {
        "code": "<AUTHORIZATION_GRANT_CODE>"
      },
      "configuration": {
        "authentication.type": "oauth2",
        "oauth.callback.url": "<CALLBACK_URL>",
        "oauth.api.key": "<CONSUMER_KEY>",
        "oauth.api.secret": "<CONSUMER_SECRET>",
        "create.bulk.properties": "false",
        "filter.response.nulls": true
      },
      "tags": [
        "<Add_Your_Tag>"
      ],
      "name": "<INSTANCE_NAME>"
    }
    
  2. Call the following, including the JSON body you constructed in the previous step:

    POST /instances
    
    Note: Make sure that you include the User and Organization keys in the header. For more information, see Authorization Headers, Organization Secret, and User Secret.
  3. Locate the token and id in the response and save them for all future requests using the connectors instance.

Example cURL

curl -X POST \
  https://api.openconnectors.us2.ext.hana.ondemand.com/elements/api-v2/instances \
  -H 'authorization: User <USER_SECRET>, Organization <ORGANIZATION_SECRET>' \
  -H 'content-type: application/json' \
  -d '{
  "element": {
    "key": "hubspotcrm"
  },
  "providerData": {
    "code": "xoz8AFqScK2ngM04kSSM"
  },
  "configuration": {
    "authentication.type": "oauth2",
    "oauth.callback.url": "https;//mycoolapp.com",
    "oauth.api.key": "xxxxxxxxxxxxxxxxxx",
    "oauth.api.secret": "xxxxxxxxxxxxxxxxxxxxxxxx",
    "create.bulk.properties": "false",
    "filter.response.nulls": true
  },
  "tags": [
    "Docs"
  ],
  "name": "API Instance"
}'

API Key API Authentication

To authenticate using a Hubspot HAPIkey:

  1. Construct a JSON body as shown below (see Parameters):

    {
      "element": {
        "key": "hubspotcrm"
      },
      "configuration": {
        "hubspot.authorization.apikey":"3a9990ff-bf17-40b1-9ce1-e1702e36ab51",
        "authentication.type": "apiKey",
        "create.bulk.properties": "false",
        "filter.response.nulls": true
      },
      "tags": [
        "<Add_Your_Tag>"
      ],
      "name": "<INSTANCE_NAME>"
    }
    
  2. Call the following, including the JSON body you constructed in the previous step:

    POST /instances
    
    Note: Make sure that you include the User and Organization keys in the header. See the Overview for details.
  3. Locate the token and id in the response and save them for all future requests using the connectors instance.

Example cURL

curl -X POST \
  https://api.openconnectors.us2.ext.hana.ondemand.com/elements/api-v2/instances \
  -H 'authorization: User <USER_SECRET>, Organization <ORGANIZATION_SECRET>' \
  -H 'content-type: application/json' \
  -d '{
  "element": {
    "key": "hubspotcrm"
  },
  "configuration": {
    "hubspot.authorization.apikey":"xxxxxxxxxxxxxxxxxxxxxxxx",
    "authentication.type": "apiKey",
    "create.bulk.properties": "false"
  },
  "tags": [
    "Docs"
  ],
  "name": "API Instance"
}'

Parameters

API parameters not shown in SAP Open Connectors are in code formatting.

Note: Event related parameters are described in Events.
ParameterDescriptionData Type
keyThe connectors key.
hubspotcrm
string
codeThe authorization grant code returned from the API provider in an OAuth2 authentication workflow.string
Name
name
The name for the connectors instance created during authentication.string
authentication.typeIdentifies how you are authenticating with HubSpot CRM. Either oauth2 or apiKey.string
Create Bulk Properties for Migration
create.bulk.properties
Identifies if you want to create custom properties in Hubspot for bulk uploads.string, must be true (Yes) or false (No)
oauth.callback.urlOAuth 2.0 authentication only. The URL where you want to redirect users after they grant access. This is the Callback URL that you noted in API Provider Setup.string
oauth.api.keyOAuth 2.0 authentication only. The Client ID from HubSpot CRM. This is the Client ID that you noted in API Provider Setup.string
oauth.api.secretOAuth 2.0 authentication only. The Client Secret from HubSpot CRM. This is the Client Secret that you noted in API Provider Setup.string
Hubspot API Key
hubspot.authorization.apikey
API Key authentication only. The hubspot API key that you noted in API Provider Setup.string
tagsOptional. User-defined tags to further identify the instance.string

Example Response for an Authenticated Connectors Instance

In this example, the instance ID is 58772 and the instance token starts with "ABC/D...". The actual values returned to you will be unique: make sure you save them for future requests to this new instance.

{
  "id": 58772,
  "name": "API Instance",
  "createdDate": "2017-08-01T16:12:43Z",
  "token": "ABC/Dxxxxxxxxxxxxxxxxxxxxxxxx/9DROw=",
  "element": {
    "id": 229,
    "name": "Hubspot CRM",
    "hookName": "HubSpotCRM",
    "key": "hubspotcrm",
    "description": "HubSpot is an inbound marketing software platform that helps companies attract visitors, convert leads, and close customers.",
    "image": "elements/provider_hubspot.png",
    "active": true,
    "deleted": false,
    "typeOauth": true,
    "trialAccount": false,
    "configDescription": "If you do not have a HubSpot account, you can create one at <a href=\"http://www.hubspot.com\" target=\"_blank\">HubSpot Signup</a>",
    "defaultTransformations": [  ],
    "objectMetadata": [  ],
    "transformationsEnabled": true,
    "bulkDownloadEnabled": true,
    "bulkUploadEnabled": true,
    "cloneable": false,
    "extendable": true,
    "beta": false,
    "authentication": {
        "type": "oauth2"
    },
    "extended": false,
    "hub": "crm",
    "protocolType": "http",
    "parameters": [],
    "private": false
      },
      "elementId": 168,
      "tags": [
        "Docs"
        ],
      "provisionInteractions": [],
      "valid": true,
      "disabled": false,
      "maxCacheSize": 0,
      "cacheTimeToLive": 0,
      "configuration": {    },
      "eventsEnabled": false,
      "traceLoggingEnabled": false,
      "cachingEnabled": false,
      "externalAuthentication": "none",
      "user": {
          "id": 3306
      }
    }
 }