In this tutorial we will explore creating a Hubspot private app for internal use with data tools like Azure DataFactory or our DataTools Pro.
Hubspot does a great job providing practical scopes for accessing meta-data, data, and sensitive data. There are many different types of data and analytics tools, so building your internal app with a least privilege principles is very important.
In this tutorial we will explore step by step setting up your app and where you would decide the level of access needed.
1. Login to your HubSpot instance
2. Go to Settings
3. Click “Create a private app”
4. Enter your basic app info including a name and detailed description what the app does, what access is required, and the business justification for the app. This ensures future developers and Hubspot administrators understand what this app is used for.
5. Select the scopes for which your app will require access
This is an important step to ensure your app has permissions to the right data and meta data.
Analytics apps typically require read-only permission. As a best practice, we typically type “read” in the search bar to make it easier to find the correct scopes.
Sensitive.Read – These fields are not exposed to apps by default due to privacy protection
- Phone number
- Address
- Job title
Highly_Sensitive.Read – This is very restricted and usfually requires higher levels of app review and justification
- Social security numbers (SSNs)
- Financial Info
Webhooks – While setting up your app, you will notice a “Webhooks” tab. For the data tools we typically support, we use for real-time alerting or syncs to 3rd-party tools (Slack, CRM, etc.)
Access Token and Client Secret
Access Token and Client Secret
When you build a private app, you have created a long-lived Personal Access Token (PAT) (what you see under “Access token”)
The Access Token
- There’s no OAuth authorization flow, so:
- No redirect URI needed
- No
refresh_tokeninvolved - Just plug the token directly into ADF and you’re good to go
