There's a new version of the HubSpot API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

Get OAuth 2.0 access and refresh tokens

Last updated October 1, 2021

POST /oauth/v1/token

Method Details

HTTP Methods:

POST

Content Type:

application/x-www-form-urlencoded

Response Format:

json

Requires Authentication?

Yes

Rate Limited?

Yes

Headers

User-Agent

Products:

Marketing & CRM

Use the code you get after a user authorizes your app to get an access token and refresh token. The access token will be used to authenticate requests that your app makes. Access tokens are short lived, so you can use the refresh token to get a new access token when the current access token expires.
Note: HubSpot access tokens will fluctuate in size as we change the information that is encoded. We recommend allowing for tokens to be up to 300 characters to account for any changes.
Required parameters How to use Description
Grant type  grant_type=authorization_code
Used in the request body
The grant type of the request, must be authorization_code for the initial request to get the access and refresh tokens.
Client ID client_id=x The Client ID of your app.
Client secret client_secret=x
Used in the request body
The Client Secret of your app.
Redirect URI  redirect_uri=x
Used in the request body
The redirect URI that was used when the user authorized your app. This must exactly match the redirect_uri used when initiating the OAuth 2.0 connection.
Code code=x
Used in the request body
The code parameter returned to your redirect URI when the user authorized your app.