OAuth Scopes Explained

When you connect HubSpot or QuickBooks, you're asked to grant certain permissions. This article explains what each permission does and why we need it.

Why We Ask for Permissions

SimpleCommerceSync needs permission to read and write data in your connected systems. Without these permissions, we can't:

  • Read invoices to sync them
  • Create invoices in the destination system
  • Match customers and products
  • Update records when things change

We only request the minimum permissions needed for sync functionality.

HubSpot Permissions

When you connect HubSpot, you authorize the following:

Contacts (Read and Write)

  • Why: To match customers between HubSpot and QuickBooks
  • What we do: Read contact emails to find matching QuickBooks customers. We may update contacts with QuickBooks customer IDs for linking.

Invoices (Read and Write)

  • Why: Core sync functionality
  • What we do: Read invoice details (amounts, line items, dates) to sync them. Write to create invoices or update sync status properties.

Products (Read and Write)

  • Why: To match line items by SKU
  • What we do: Read product SKUs to match with QuickBooks items. Write to create products when syncing from QuickBooks.

Quotes (Read and Write)

  • Why: To sync quotes as QuickBooks estimates
  • What we do: Read quote details for syncing. Write to create quotes when syncing from QuickBooks.

Line Items (Read)

  • Why: Invoices and quotes contain line items
  • What we do: Read line item details including quantity, price, and SKU.

Payments (Read)

  • Why: To sync payment records
  • What we do: Read payment amounts, dates, and methods for syncing to QuickBooks.

Tax Rates (Read)

  • Why: To apply correct tax codes
  • What we do: Read your HubSpot tax rates to map them to QuickBooks tax codes.

Schemas (Read)

  • Why: To understand your custom properties
  • What we do: Read the structure of invoices, quotes, and line items to properly handle custom fields.

QuickBooks Permissions

QuickBooks uses a single, broad permission:

Full Accounting Access

  • Why: QuickBooks doesn't offer granular permissions
  • What we do:
    • Create and read invoices
    • Create and read payments
    • Create and read items (products/services)
    • Create and read customers
    • Read tax codes for mapping

Data Security

  • We only access what's needed - We don't read unrelated data like emails or files
  • Your data stays yours - We don't share your data with third parties
  • Connections are encrypted - All communication uses secure HTTPS
  • Tokens are protected - Your authorization tokens are stored securely and refreshed automatically

Revoking Access

You can disconnect at any time from Settings then Connections. You can also revoke access directly from:

  • HubSpot: Settings then Integrations then Connected Apps
  • QuickBooks: Go to your Intuit account and manage connected apps

Questions?

If you have concerns about permissions or data access, please contact our support team.