Authentication
Last updated
Was this helpful?
Last updated
Was this helpful?
When your user click an app's name in the Integry marketplace, or you directly call or , Integry asks the user to connect their account in that app. Once they connect, Integry automatically adds the user's auth credentials in onwards HTTP requests to that app.
The authentication process for some apps may be as Basic as asking for a username and password that Integry will include in the Headers of HTTP requests. Many apps today require using the protocol to get an access token that Integry will include in the HTTP request. If the token has expired, Integry will refresh the token and retry the request.
By default, most apps that use OAuth 2.0 for authentication are configured to use Integry's built-in developer app. This means that we don't make you set up a new developer app to perform actions in that app. That said, whenever you're ready to do it, you can simply switch to
Note: Some apps like Zoom can only be connected with your developer app. Follow the same steps below to provide your developer app credentials and you're all set.
In this tutorial, we white-label OAuth 2.0 for HubSpot by creating a developer app in your HubSpot developer account. Skip to step 10 if you already have a developer app. We don't have guides for other apps but the steps will be quite similar.
Go to HubSpot's .
Enter your login credentials.
If you don't have a developer account on HubSpot, you can create .
Go to Apps.
Click "Create app".
In the "App Info" tab, enter your app's name.
The name you enter here will appear on the authentication and authorization screens when your users will set up a flow with HubSpot.
Upload your app's logo.
The logo you upload here will appear on the authentication and authorization screens when your users will set up a flow with HubSpot.
Go to the Auth tab and enter as the redirect URL.
When your users connect their HubSpot account while setting up the integration, they will be taken to HubSpot's authentication server. After being verified by the authentication server, they will be redirected to the above URL.
Scroll down to select scopes.
Scopes will determine the permissions to read/write data from/in your HubSpot account.
Select the following scopes:
crm.schemas.deals.readcrm.objects.contacts.readcrm.objects.contacts.writecrm.objects.companies.readcrm.objects.companies.writecrm.lists.readcrm.lists.writecrm.objects.deals.readcrm.objects.deals.writecrm.schemas.contacts.readcrm.schemas.companies.readcontentoauth
Copy each scope and paste it in the search bar.
Select the "read" or "write" permission by clicking the checkbox. Your selected scope will be added.
This is how the permissions section will appear on the authorization screen for your users.
Click on Create App. When your app is created, a "Client ID" and "Client secret" will be generated for your developer app. Go to the "Auth" tab to copy your Client ID and Client secret. You will use these credentials while configuring white-labeled OAuth in Integry.
Go to the 'Flows' tab.
Click on the three-dots menu for flow with HubSpot.
Click on 'Auth Settings.
Enter your Client ID, Client secret, and scopes in the respective fields.
The scopes you enter here should match with the scopes you select in your developer app.
Copy scopes from here: content oauth crm.schemas.deals.read crm.objects.contacts.write crm.objects.companies.write crm.lists.write crm.objects.companies.read crm.lists.read crm.objects.deals.read crm.schemas.contacts.read crm.objects.deals.write crm.objects.contacts.read crm.schemas.companies.read
Click Test.
As a result, an authentication UI opens up in your browser.
After a successful login, an authorization UI opens in your browser. The permissions you see here are the scopes you selected while creating your app. Click on Connect app.
If your test is successful, you'll see a green tick.
In case of an error, you'll see an error icon, click 'See details' to view error details.
You'll see the steps performed by Integry on behalf of Doneday to authenticate and authorize the user. Check the Network Code to see which step failed.
Click "View Payload" to see the details of the API call and troubleshoot accordingly. Here are some potential error messages you may encounter:
invalid_grant: Indicates that the OAuth client key or secret is not properly configured with the necessary grants or scopes
BAD_CLIENT_SECRET: Indicates an invalid or incorrect client secret was provided
Unauthorized: Indicates that the client key or secret provided is not authorized to perform the requested action
Click on Enable to enable white-labeled OAuth in your flows.
Once enabled, any new users who set up integrations with Hubspot will see your app's branding (instead of Integry) on the Hubspot authorization screen, and we will use your developer app when we call Hubspot's API on their behalf. However, existing integrations will continue to use Integry's developer app because that's what the existing users used to login. If/When they disconnect their Hubspot account and reconnect, they will also login using your developer app (and not see Integry).
API-key based authorization type is known for its simplicity. The end-user signs into TPA, gets their API key, and copies it in their application to use. API-key is the name given to a secret token that is submitted to a web service along with a request. The key identifies the end-user in the TPA and performs an API request on behalf of that end-user. For the scope of Integry, once you enter your API-key while authenticating, Integry will consume your API-key for future communication.
API-key based authentication is not a highly recommended auth type due to security loopholes. As an entity gets hold of the end-user's API key, they have to keep it safe (just like a password), because it maybe dangerous if an unauthorized entity accesses it.
This is a modification of API-key. A combination of API-key and API Secret is used for authentication. It works the same as API-key. When an application is registered with the API, it generates a key and a secret for that application. Whenever the application makes a request, its request consists of the key and secret as well.
This works the same as API key, but the API calls are sent to the URL specified by the end-user while they're authenticating their TPA accounts.
It only requires a username and password for authentication. It is the least recommended way of authentication.
In addition to their username and password, it requires your end-users to provide a custom URL.
In addition to their username and password, it requires your end-users to provide a custom authorization URL and an API-key.
By default, all apps are configured to allow a user to connect one account per app. To allow multiple connected accounts for an app, do the following:
Go to Public Apps.
Click the configure button for the app.
Go to Authentication.
Set "Users can connect" to "Multiple accounts".
Note: Once a user has connected multiple accounts for an app, you must include a connectedAccountID when you call , and . You can call to get the list of connected accounts for an app.
