New permission requirements for installing public apps
Beginning on Monday, October 16th, the App Marketplace Access permission will be required for the first install of any public app. This change will affect any HubSpot user installing any public app, when the app has not been previously installed in the HubSpot account.
Currently, this permission is required when installing apps from the HubSpot App Marketplace. Going forward, this permission will be required when installing any integration, including apps installed from third-party websites.
The App Marketplace Access permission will be required in addition to any other permissions required to install the app, based on the scopes being requested from the app.
This permission is automatically included with super admin permissions, so this change will not affect super admin users.
The App Marketplace Access permission will be required to install an app any time an app requests new OAuth scopes. This will include new installs when the app hasn't been granted any scopes.
Once an app is installed, it can be re-installed by the same user or other users without the App Marketplace Access permission, as long as the installation does not request any new scopes. Re-installations will still allow your app to get a new OAuth refresh and access token for the new user with any requested scopes that have been previously approved for the account.
If any scopes not previously approved for the app in the HubSpot account are requested, the user will need to have the App Marketplace Access permission to approve and complete the installation.
This update will have no effect on installations completed before this change. Any existing refresh tokens will continue to work as they already do, and reinstallations of apps that are already installed will not require the App Marketplace Access permission unless new scopes are requested. Any apps that are uninstalled from an account will be treated as a brand new app with no granted permissions the next time a user tries to install it.
Since this permission is already required for installing apps directly from the HubSpot App Marketplace, this change will not affect installing apps from the marketplace if the install button goes directly to the OAuth install process. However, this will affect apps listed in the marketplace where the install button links to your external site, and then the user is directed to the install URL from your site.
The App Marketplace Access permission will not be required for apps that only request the
oauth scope by itself. This will only apply if the
oauth scope is the only scope requested with the
scope= parameter. If any other scopes are included, or if any scopes are included in the
optional_scope= parameter, the App Marketplace Access permission will be required to install the app.
Why is this happening?
This change ensures that the permissions required to install an app are the same for apps listed in the marketplace as well as unlisted apps, and makes sure the same permissions are required regardless of where the installation is initiated from. This also makes sure that HubSpot super admins have full control over who is allowed to install apps in their HubSpot account.
When is this happening?
This change will go into effect on Monday, October 16th.
Please let us know if you have any questions by joining the discussion in our community.