GrowthHub API 2.0

Private Integrations

Private Integrations enable you to build powerful custom connections between your GrowthHub account and any third-party application.

If you're planning to connect your GrowthHub account with an external app, you have two options:

Find and install the appropriate app from the App Marketplace
Build your own private integration independently or with a developer using APIs

Private Integrations allow you to securely accomplish the second option.

Key Advantages of Private Integrations

Simple: Easily generate Private Integration tokens directly from your account settings and manage them effortlessly.

Secure: Control and limit the scopes/permissions a developer can access within your account.

What's the difference between Private Integrations and API Keys?

Private Integrations

API Keys

More Secure: You can restrict the scopes/permissions a developer can access

Less Secure: Provides unrestricted access to all account data

Modern Standard: Uses API v2.0 with up-to-date capabilities

Outdated: API v1.0 is deprecated and no longer maintained

More Features: API v2.0 offers more advanced functionality

Limited Features: API v1.0 has restricted capabilities

What's the difference between Private Integrations and OAuth2 Access Tokens?

Private Integrations, in simple terms, function as static/fixed OAuth2 Access Tokens.

Private Integrations

Access Tokens

Generated from the UI: Easily created from the platform interface

Programmatic Generation: Created by exchanging OAuth access code via API

Static/Fixed: Tokens remain the same unless manually rotated

Refreshed Daily: Tokens expire and must be refreshed regularly

How do I use Private Integrations?

Private Integration tokens are used in the Authorization header, similar to standard Access Tokens.

Example:

curl --request GET \

--url https://services.leadconnectorhq.com/locations/ve9EPM428h8vShlRW1KT \

--header 'Accept: application/json' \

--header 'Authorization: Bearer <YOUR PRIVATE INTEGRATION TOKEN>' \

--header 'Version: 2021-07-28'

Testing a Private Integration with API Calls

After creating your Private Integration, you can test it by sending data to an API endpoint. Below is an example of adding a new contact:

curl --request POST \

--url https://services.leadconnectorhq.com/contacts/ \

--header 'Authorization: Bearer <YOUR PRIVATE INTEGRATION TOKEN>' \

--header 'Content-Type: application/json' \

--header 'Version: 2021-07-28' \

--data '{ "firstName": "John", "lastName": "Doe", "email": "[email protected]", "phone": "+1234567890", "locationId": "LOCATION_ID" }'

Make sure to:

  • Replace LOCATION_ID with the correct sub-account ID.

  • Replace Authorization value with your generated Private Integration token.

How do I manage Private Integrations?

Who can create Private Integrations?

By default, all agency admins can create and manage Private Integrations. You can customize this access at the user level.

Navigate to:

Settings > Team > Edit the specific agency admin > Roles & Permissions, and enable/disable Private Integrations for that user.

You can apply permissions at two levels:

  • Allow the agency admin to manage the agency’s Private Integrations

  • Allow the agency admin to manage sub-account Private Integrations

Where can I find Private Integrations?

Private Integrations can be accessed within your agency settings.

If you don’t see it under settings, make sure the feature is enabled in Labs.

How do I create a new Private Integration?

Step 1: Click on "Create new Integration"

Step 2: Assign a name and description to help your team identify its purpose

Step 3: Select the scopes/permissions the integration should have. Only choose what’s necessary for better security

Step 4: Copy the generated token and share it with your developer

Note: Only share tokens with trusted parties. Never expose them publicly.
Make sure to copy the token immediately, as you won’t be able to retrieve it again later.

Best Practices to Maintain Security of My Private Integration Token

We recommend rotating your Private Integration tokens every 90 days.

How to rotate your token:

Step 1: Go to Private Integrations under settings and select your integration

Step 2: Click on "Rotate and expire this token later"

Step 3: Click "Continue" to confirm the action

Step 4: Copy the new token and update it in your third-party application

You will have a 7-day overlap where both old and new tokens remain active. After that, the old token expires.

During this period, you can:

- "Cancel rotation" if more time is needed
- "Expire Now" if the update is already completed

What if my token has been compromised?

Step 1: Go to Private Integrations under settings and select your integration

Step 2: Click on "Rotate and expire this token now"

Step 3: Click "Continue" to confirm

Step 4: Copy the new token and update it in your third-party application

Note: Copy the new token immediately, as it cannot be retrieved again later.

Can I edit the Private Integration permissions without updating the token?

Yes, you can update the name, description, and scopes/permissions anytime after creation.

How:

1. Navigate to Private Integrations under settings and click "Edit" from the three-dot menu

2. Update the name and description if needed, then click "Next"

3. Modify the scopes/permissions if required and click "Update" to save changes

Note: Editing details does not generate a new token. The existing token will remain active.

How do I delete the Private Integration once I no longer need it?

You can remove a Private Integration once it’s no longer in use.

To delete it, go to Private Integrations under settings and select "Delete" from the three-dot menu.