HubSpot's OAuth scope list is extensive. Requiring all scopes upfront causes connection drop-off from cautious enterprise admins. Optional scopes let agents request only what they need now, while leaving the door open for broader permissions later — without blocking the initial connection.

A CRM intelligence agent reads HubSpot contacts and deal stages to generate pipeline summaries. It only needs crm.objects.contacts.read and crm.objects.deals.read. The developer marks all other HubSpot scopes as optional. Enterprise admins grant just those two scopes and the connection succeeds immediately — no change requests needed for capabilities the agent doesn't use.

What's included

• Optional scopes split the HubSpot scope list into required and optional — user can decline optional without blocking connection.
• Agents get connected with minimal permissions; additional scopes requested incrementally as capabilities expand.
• Scope configuration managed through the Scalekit dashboard — no code changes to adjust required vs. optional.
• Reduces OAuth consent friction for enterprise admins who scrutinize scope requests.