OAuth API Methods

Refresh an OAuth Access Token

POST  /auth/v1/refresh

Refresh an OAuth Access Token to use for API calls to the HubSpot APIs

You will know when you will need to refresh a token by checking the hubspot.marketplace.accessExpires parameter that we pass to your app. For external apps this will be provided in the expires_at time provided by the authorization redirect. You should also detect when any HubSpot API you are calling returns an HTTP Status Code 401 (Unauthorized).

For Canvas applications, we guarantee each 'session' a user starts within an app is issued with an active Access Token, but you should pay careful attention to your API use to determine if you need to refresh a token.

Please Note The request header for this method must be application/x-www-form-urlencoded. Also note that the parameters listed below must be in the POST body, similar to a form being submitted, and not in the request URL or anywhere else.

Required Parameters How to use Description
Refresh Token refresh_token=XXX - Used in the request body The refresh token was provided to you when you first make the request to get the token. You can learn about generating refresh tokens here.
Client ID client_id=XXX - Used in the request body Your client ID is unique to your app and is generated when you first register your app in the HubSpot Marketplace. You can view your app's client ID by going to your app's dashboard.
Grant Type grant_type=refresh_token - Used in the request body This value MUST be "refresh_token" for now. In the future, we may enable more grant types, but for now, please set this parameter to "refresh_token".
Optional Parameters How to use Description
None None No optional parameters for this method.

Example URL:  https://api.hubapi.com/auth/v1/refresh

Example Request Body:  refresh_token=XXX&client_id=YYY&grant_type=refresh_token

The response from this API call is JSON with the following information.

        {
            "portal_id": 17884,
            "expires_in": 28799,
            "refresh_token": "67151562-3694-11e1-8c88-973c3788d6b1",
            "access_token": "2c68b644-36f6-11e1-b5bc-67bcc68e2f43"
        }

You'll also get standard REST-style HTTP response codes returned that mark success or failure, with meta information about the call that was made. There will be no data in the response body:

  • 200 - When an OAuth Access token is refreshed successfully. The new token will be in the JSON response body.
  • 401 - When an unauthorized request is made
  • 500 - When an internal server error occurs

Method Details

HTTP Methods:

POST

Response Format:

JSON

Requires Authentication?

Yes

Rate Limited?

Yes

Headers

User-Agent

SDK Support

No SDK Support Yet

Quick Links!