HubSpot Developer Changelog

Breaking Change: Upcoming Change to Scope Requirements for App Cards in Private Apps

As part of our ongoing efforts to enhance security within the HubSpot ecosystem, we will update the scope requirements for app cards in private apps on December 1st, 2024.

What’s Changing?

When uploading a project, any app cards lacking the correct scopes corresponding to their associated object(s) will fail to upload.

For example, consider the following objectTypes definition in your card.json file:

"objectTypes": [ { "name": "deals" } ]

This configuration indicates that the app card is associated with the deals object. When you upload this project to HubSpot, the system will check the card.json file and validate that the app.json file includes the necessary scope — crm.objects.deals.read.

Therefore, your app.json file should include the required scope and look like this:

    {
      "name": "Egg Counter",
      "uid": "egg-counter",
      "description": "Count all the eggs.",
      "scopes": ["crm.objects.deals.read"],
      "public": false,
      "extensions": {
        "crm": {
          "cards": [
            { "file": "./extensions/egg-counter.json" }
          ]
        }
      }
    }

How does this affect me?

App cards that have been deployed will still be usable by the end user; however, any future builds or updates will fail unless the appropriate scopes are added to the app.json file. If the scope requirements are not met during an upload, the following error will be provided:

[ERROR] This app is missing read scopes for the following object types: [objectType]. Add the missing scopes to the app configuration file and try again. For more information on scopes, please see https://developers.hubspot.com/docs/api/scopes.
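
The same check can be run locally before an upload. The sketch below is an added example, not HubSpot's own validation code: the function names are hypothetical, the sample input is constructed from the files shown above, and it assumes every object type maps to crm.objects.<name>.read, which this page confirms only for deals.

```javascript
// Added example: local pre-upload check for the scope rule described above.
// Assumption: every object type maps to crm.objects.<name>.read, as the page
// shows for "deals"; confirm other object types against the scopes docs.
function requiredReadScope(objectTypeName) {
  return `crm.objects.${objectTypeName}.read`;
}

// appConfig: parsed app.json. cardConfigs: card file path -> parsed card JSON.
// Returns the object type names whose read scope is absent from appConfig.scopes.
function findMissingReadScopes(appConfig, cardConfigs) {
  const granted = new Set(Array.isArray(appConfig.scopes) ? appConfig.scopes : []);
  const cardRefs = (appConfig.extensions?.crm?.cards ?? []).map((c) => c.file);
  const missing = new Set();
  for (const file of cardRefs) {
    const card = cardConfigs[file];
    if (!card) {
      throw new Error(`Card file referenced in app.json was not provided: ${file}`);
    }
    // Assumption: objectTypes may sit at the top level (as in the page's
    // snippet) or under a "data" key; both locations are checked.
    const objectTypes = card.objectTypes ?? card.data?.objectTypes ?? [];
    for (const { name } of objectTypes) {
      if (!granted.has(requiredReadScope(name))) missing.add(name);
    }
  }
  return [...missing].sort();
}

// Constructed sample input: the page's app.json plus a card tied to deals.
const sampleCards = {
  "./extensions/egg-counter.json": { objectTypes: [{ name: "deals" }] },
};
const sampleApp = {
  name: "Egg Counter",
  uid: "egg-counter",
  scopes: ["crm.objects.deals.read"],
  public: false,
  extensions: { crm: { cards: [{ file: "./extensions/egg-counter.json" }] } },
};

// First call: scopes as shown on the page. Second call: scopes removed.
console.log(findMissingReadScopes(sampleApp, sampleCards));
console.log(findMissingReadScopes({ ...sampleApp, scopes: [] }, sampleCards));
```

Running this in CI against the parsed app.json and card files catches a missing read scope before the upload step does.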

When is this happening?

This scope check enforcement will begin on December 1st, 2024. Please ensure your app.json files are updated accordingly before this date.

Questions or comments? Please join the peer-to-peer developer community forum.