Announcement: A new endpoint to securely download/access files upload via forms

What's happening?

The URL for files uploaded via HubSpot forms now supports two additional forms of authentication. These authentication methods are available in addition to the existing, browser-based authentication. Files can now be accessed using our standard authentication methods:

• OAuth Headers
• API Keys

These authentication methods are employed exactly as they are on other HubSpot API endpoints.

Details of these new capabilities can be found on the documentation page.

Why is this happening?

We changed the availability of files uploaded via HubSpot forms to remove access from anonymous viewers, as noted in this changelog entry. We want to ensure that files entrusted to HubSpot and to our customers won't be mistakenly made available to the public.

These new authentication methods provide more flexibility in how these files can be accessed by trusted users.

How to use this if you were affected by the previous change

We recommend the following workflow in order to restore the closest proxy for previous integrations that relied on uploaded documents being publicly accessible,:

• Create an app and create webhook subscription for the property which will be used the file upload
• Use the new endpoint to download the file
• Upload the file to the File Manager
• Write the new publicly accessible url back to a seperate contact property to use as you would have before

Please note that this will make the file publicly accessible so do not follow this flow if the documents being uploaded are sensitive or private in nature.

When is this happening?

This change is happening today, November 7, 2019.

If you have any questions, please join the discussion in the community, where our developer support team will be available to answer your questions.