The Vendasta-native billing & ops layer.
Connect via Partner API once. We sync your marketplace catalog, businesses, subscriptions, and KPIs every night. Bill your end-clients under your brand, with margin tracked in real time.
How the integration works
Five steps, run continuously and per-tenant.
- Step 1
You upload your service-account JSON
Generate a service account in Vendasta's Developer Center and download the credential file. Upload it to HubWho — we extract the public identifiers, encrypt the RSA private key with AES-256-GCM, and immediately verify the credential by exchanging a JWT for an access token.
- Step 2
Catalog imports automatically
Your Vendasta marketplace catalog — Reputation, Local SEO, Social, Ads, Listings — is pulled in with each product's wholesale cost. You set your retail price; HubWho calculates margin.
- Step 3
Businesses + subscriptions sync nightly
Every business under your partner account is mirrored as a HubWho client. Active Vendasta subscriptions become HubWho subscriptions, ready to bill against.
- Step 4
Invoicing is driven by Vendasta data
When a Vendasta subscription is active, HubWho generates the invoice. When it's canceled mid-cycle, HubWho prorates. No manual line items.
- Step 5
Provisioning follows payment status
When a client goes delinquent, you can pause Vendasta provisioning from HubWho with one click. On payment, HubWho resumes the service automatically.
Credential security
Vendasta API keys are the keys to your business. We treat them accordingly.
Encrypted at rest (AES-256-GCM)
Every credential is sealed with an authenticated cipher before it touches the database. The master key lives in your hosting environment, not in the DB.
Never returned to the browser
The settings UI shows only a masked preview (first 4 + last 4 chars). The plaintext value is never serialized to a tRPC response.
Tenant-isolated
Tenant A cannot read tenant B's credentials — enforced both in tRPC middleware and Postgres row-level security.
Audit-logged
Every credential write, read for sync, or rotation is recorded with actor, IP, and timestamp.
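One way to implement the sealing and masked preview described in this section, as an added example that is not HubWho's code. The function names, the stored row shape, and the use of the tenant ID as GCM associated data are assumptions made for illustration.

```javascript
// Added example, not HubWho's code. Function names, the row shape and the
// tenant-ID-as-AAD binding are assumptions made for illustration.
const crypto = require("node:crypto");

// The 32-byte master key comes from the hosting environment, never the DB.
function loadMasterKey(base64Key) {
  const key = Buffer.from(base64Key ?? "", "base64");
  if (key.length !== 32) throw new Error("master key must decode to 32 bytes");
  return key;
}

function sealCredential(masterKey, tenantId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every write
  const cipher = crypto.createCipheriv("aes-256-gcm", masterKey, iv);
  cipher.setAAD(Buffer.from(tenantId, "utf8")); // authenticated, not encrypted
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const b64 = (buf) => buf.toString("base64");
  return { iv: b64(iv), ct: b64(ct), tag: b64(cipher.getAuthTag()) };
}

function openCredential(masterKey, tenantId, row) {
  const iv = Buffer.from(row.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", masterKey, iv);
  decipher.setAAD(Buffer.from(tenantId, "utf8"));
  decipher.setAuthTag(Buffer.from(row.tag, "base64"));
  // final() throws if the key, tenant ID, ciphertext or tag has changed.
  const ct = Buffer.from(row.ct, "base64");
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
  return pt.toString("utf8");
}

// Only this value may reach the settings UI: first 4 + last 4 characters.
function maskPreview(secret) {
  if (secret.length <= 8) return "*".repeat(secret.length); // too short to show any
  return `${secret.slice(0, 4)}...${secret.slice(-4)}`;
}

// Constructed sample values so the example runs offline.
const masterKey = loadMasterKey(crypto.randomBytes(32).toString("base64"));
const sampleSecret = "CONSTRUCTED-KEY-MATERIAL-1234";
const row = sealCredential(masterKey, "tenant-a", sampleSecret);
console.log(row, maskPreview(sampleSecret));
console.log(openCredential(masterKey, "tenant-a", row) === sampleSecret);
```

Because the tenant ID is authenticated with the ciphertext, a row copied into another tenant's record fails to decrypt instead of yielding that tenant a usable key.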
Vendasta integration FAQ
Do I need to be a Vendasta partner already?
Yes. HubWho is built for agencies that have an existing Vendasta partner account. You'll connect HubWho during onboarding by uploading a service-account credential file you generate in Vendasta's Developer Center.
How does the Vendasta connection work technically?
Vendasta uses the RFC 7523 JWT-Bearer Grant — the same model Google Cloud uses. You create a service account in Vendasta's Developer Center, download a JSON file containing an RSA private key, and upload it to HubWho. We sign short-lived JWTs with that key and exchange them for access tokens at api.vendasta.com when we need to call the API. No password is ever shared.
How are my credentials stored?
The RSA private key is encrypted at rest using AES-256-GCM with a master key held in your hosting environment, not in the database. The plaintext value is never returned to the browser, never logged, and never visible to other tenants. Identifier fields (client email, key ID) are stored in cleartext so you can confirm which credential is connected.
What happens if I rotate my Vendasta service account?
Generate a new service account in Vendasta's Developer Center, upload the new JSON file in HubWho settings, and the old credential is replaced atomically. Any cached access token is cleared and a fresh one is exchanged on the next API call. No downtime.
What gets synced?
Marketplace catalog (your activated products + wholesale costs), every business under your partner account, active subscriptions and orders, and KPI metrics from each activated product (review counts, leads, calls, listing accuracy, ad performance). Catalog and business syncs run nightly; KPI sync runs hourly. All data follows Vendasta's JSON:API conventions.
Can HubWho push data back into Vendasta?
Yes — pause and resume of provisioned services on delinquency. Order placement directly from HubWho (so a sale in HubWho creates the corresponding Vendasta order) ships in the next phase.