RP
RevenueProven
All Help Articles
What permissions and scopes does each integration need?

What permissions and scopes does each integration need?

LinkedIn needs ad analytics read and campaign scopes. HubSpot needs Companies and Deals read. Salesforce needs API access plus Account and Opportunity read permissions. Revenue Proven never requests write access to your CRM.

Revenue Proven requests the minimum OAuth scopes and permissions needed to pull attribution-relevant data from each connected platform. No write scopes are requested for any CRM integration. Here is what each platform requires and why.

LinkedIn Ads scopes

  • r_ads_reporting: read ad analytics and engagement metrics, required for attribution
  • rw_ads: read campaign data including campaign IDs and names
  • r_organization_social: read organization profile data for company name resolution
  • rw_media_plans: required only if you use the Media Planning sync feature
  • r_ad_library: required only for Competitor Intelligence, needs LinkedIn approval

HubSpot scopes

  • crm.objects.companies.read: read company records including domain and name
  • crm.objects.deals.read: read deal amounts, close dates, and pipeline stages
  • crm.schemas.deals.read: read pipeline stage definitions and labels

Salesforce permissions

  • API Enabled: required at the profile level for any Salesforce API access
  • Account read: read company name, website, and associated fields
  • Opportunity read: read deal amount, stage, close date, and account association
  • OpportunityStage read: read stage labels and win probability values

Revenue Proven never requests permissions to create, update, or delete records in any connected platform. OAuth tokens are stored encrypted using AES-256-GCM and the raw token is never logged or shown in the UI.

CRM connection screen showing HubSpot and Salesforce options
Both CRM connections display their current status and granted scope summary.