Wednesday, 30 January 2013

HubSpot OAuth Implementation Plans

Following First PoC of TeamMentor integration with HubSpot here is the brief agreed with Justin (a developer I found in elance.com)

HubSpot Integration Plan
Using an OAuth strategy, we will write the necessary HTML and .Net code to capture a lead from the web site and add it to the Contacts list in HubSpot. This will be done without the user ever leaving the web site or needing to use iFrames. Using a standard HTML form, the user will fill in the required fields. We will write a simple javascript routine to validate the required fields are present and valid. Once validated, the form will be submitted to an ASP.Net page on the server. Once on the server, the data will be pulled into variables and then submitted to HubSpot using their REST API with OAuth. After a successful contact submission, the user will be redirected to a Thank You page on the site.

The initial access token will be created manually and the refresh token saved in a secure place on the server. When the access token expires, the refresh token will be used to obtain a new one automatically. For security the refresh token will be securely stored on the server in one of the available private repositories. The OAuth token will have the predefined HubSpot scope of "contacts-rw" which has read and write capabilities on contacts only.

I really like the idea of using OAuth in the backend like this (to send new user data from TeamMentor into HubSpot).

I would prefer if HubSpot had a contracts-w or contracts-c permission where it was only possible to write or create contacts (and be able to see all contact data).

That said, contracts-rw is better than all-rw :)