On this page

Jump to any section using the links below

Overview

This guide shows two ways to create API access in Hubhus:

1. Scoped access per campaign (best practice for external vendors / limited data access)

2. General API access from the Account area (for internal or broad integrations)

The recommended approach for external parties is to scope access via campaign filters, so a vendor only sees the leads that belong to them.

Part 1: Best Practice – Scoped API Access for a Specific Vendor

Step 1 – Open the correct campaign

1. Go to Campaigns.

2. Open the campaign the vendor should be able to read from / write to.

All configuration in the next steps is done inside this campaign.

Step 2 – Create a source value for the vendor (SELECT → e.g. “Sources”)

You first define a dedicated source value to identify this vendor’s leads.

1. In the campaign, go to SELECTS.

2. Find the select list used for lead sources (often named something like “Sources or Vendors”).

3. Add a new option for your vendor, for example:

   • Vendor XYZ

   • Photographer – Region West

4. Save the updated select list.

Later, this value will be used in a filter so the API token only exposes leads with this source.

Step 3 – Create a campaign filter for the vendor

Now you create a filter that returns only leads where the source field equals the vendor’s value.

1. Still in the campaign, go to FILTERS.

2. Create a new filter.

3. Name the filter the same as the vendor, for example: Vendor XYZ.

4. Add a condition on your source field (e.g. “Kilder” / “Source”):

   • Field: the source field (e.g. Kilder)

   • Operator: equals

   • Value: the vendor source you created in Step 2

5. Save the filter.

This filter defines the data slice the vendor will see via the API.

Step 4 – Open the new API documentation and token settings (from campaign)

1. In the same campaign, go to API Documentation.

2. In the left menu, select “API 2023”.

3. Scroll to the bottom and click “Go to new API documentation” (link to the new API UI).

4. In the new API interface, go to API Tokens.

You are now in the view where you create a token scoped to the campaign filter.

Step 5 – Create an API token scoped to the vendor filter

1. In API Tokens, click “New API Token”.

2. Give the token a clear name, for example:

   • Vendor XYZ – Read only

   • Vendor XYZ – Read/Write

3. Select the permissions the vendor should have:

   • Read only, or

   • Read + write (create/update), or

   • Any combination that matches your policy.

4. In the Campaign filter field, select the filter you created in Step 3 (e.g. Vendor XYZ).

   This ensures the token only sees leads that match this filter.

5. Save the token.

6. If there is a separate Settings view for the token, verify that:

   • The correct filter is selected.

   • Permissions match what you want the vendor to do.

Step 6 – Get the public API URL and token value

You now need two things for the vendor:
the public API URL and the token string.

1. In the token overview list, locate the token you just created.

2. Click the link icon next to the token to open the public API page.

   • Copy this URL – this is the endpoint you provide to the vendor.

3. In the Tokens overview, click “Show” next to your new API token to reveal the token value.

4. Copy the token string.

You can now send the vendor:

• The public API URL (from the link icon)

• The API token (from the “Show” action)

Additional guidance for external developers

On the public API URL, the vendor will see:

• All fields,

• All select lists,

• All status values,

• All data structures specific to this campaign.

This allows them to build their own POST request bodies quickly and correctly, because the documentation automatically reflects:

• Field names,

• Expected data types,

• Required or optional fields,

• Status transitions,

• Enumerations for selects and dropdowns.

In practice, partners can copy the structure directly from the API documentation and construct their integration based on the exact schema used in your campaign.

Important notes

Make it explicit in your communication that:

• The token must be kept secret.

• The token is scoped to their data only via the campaign filter.

• If they need broader or different access, you will issue a new token with a different filter and permissions.

Part 2: Simple Account-Level API Token (no campaign filter)

If you just need a general API token (for internal tools or broad access) and not a per-vendor slice, you can create it from the Account area.

Step A – Open the account-level API documentation

1. Go to Account → API documentation.

2. Click the button “Go to the new API documentation here”.

3. In the new API interface, go to API Tokens.

This view manages API tokens not tied to a specific campaign filter.

Step B – Create a general API token

1. Click “New API Token”.

2. Give the token a clear, internal name, e.g.:

   • Internal integration – read/write

   • Reporting tool – read only

3. Select the permissions required by the integration:

   • Read, write, or both.

4. Save the token.

Since this token is not bound to a campaign filter, it will follow whatever scope the account-level API provides. Only use this approach when broad access is acceptable and controlled.

Step C – Share endpoint and token internally

In the token list, click the link icon to open the public API documentation for the campaign.
Copy the URL – this is the endpoint your internal system will use.

Click “Show” next to the token to reveal the token value and copy it.

Provide your internal team or integration system with:

• The public API URL

• The API token

Additional guidance for internal integrations

The public API documentation automatically exposes:

• All fields in the campaign

• All select lists and allowed values

• All status options

• Required and optional parameters

• The expected JSON schema for create/update operations

This means your internal developers (or automated systems) can construct correct POST bodies directly from the live documentation, ensuring the payload matches the campaign’s exact schema without guessing.

Security note

Treat the token as a credential:

• Store it safely.

• Rotate it if needed.

• Issue separate scoped tokens if different internal systems need different access levels.

? Common searches

api setup • api integration • webhook setup • api authentication

? Also known as

integration • webhook • endpoint

Related articles

How do I read/get leads via API?
Sharing Personalized API Documentation
_Hubhus integrations overview
Configuring email settings for thirdparty
How do I integrate with e-conomic?