RP
RevenueProven
All Help Articles
What permissions each integration needs and why

What permissions each integration needs and why

A plain-language explanation of every OAuth permission Revenue Proven requests for LinkedIn Ads, HubSpot, and Salesforce, and what each permission is actually used for.

Revenue Proven requests a specific set of OAuth permissions for each integration. This guide explains each permission in plain language so you can make an informed decision before granting access.

CRM connection screen showing HubSpot and Salesforce options
Both CRM integrations use OAuth — Revenue Proven never stores your CRM password, only an encrypted access token.

LinkedIn Ads permissions

Revenue Proven requests read access to ad analytics and company data. This covers campaign performance metrics, company-level engagement signals from the Ad Analytics API, organisation profile data for matched companies, and basic ad account information.

  • r_ads_reporting: read ad analytics data including impressions, clicks, and company-level engagement.
  • r_organization_social: read organisation profile data to resolve company names and website domains.
  • rw_ads (optional, Ads Manager only): create and update campaigns, ad sets, and ads when using the Ads Manager surface.
  • No permission to access your personal LinkedIn profile, connections, or messages is requested.

HubSpot permissions

Revenue Proven requests read access to CRM objects: companies, deals, contacts, deal pipelines, and pipeline stages. Write access to HubSpot is only requested if you enable the CRM push feature, which sends matched account and engagement data back into HubSpot. If that feature is off — which is the default — Revenue Proven operates in fully read-only mode against your HubSpot portal.

Salesforce permissions

The Salesforce OAuth token grants Revenue Proven access to the same Salesforce data your user account can see. Revenue Proven reads Accounts, Opportunities, Contacts, and Opportunity Stage metadata. It does not request access to any object your user account cannot already access in Salesforce, and it never writes to Salesforce under any configuration.