Initiating OAuth access
After you create your app, a user can install it into their HubSpot account using the install URL located in your app’s settings, which will include theclient_id, redirect_uri, and scopes as query parameters. You may also include optional_scopes and state, if needed.
After a user authorizes your app and installs it into their account, the redirect URL will be appended with a code value, which you can use to generate an access token and a refresh token. The access token will be used to authenticate requests that your app makes, while the refresh token will be used to get a new access token when the current one expires.
Generate initial access and refresh tokens
To get OAuth access and refresh tokens, make a URL-form encodedPOST request to /oauth/v1/token. In the request body, you’ll specify various auth parameters, such as client_id and client_secret, along with the code passed back through the redirect URL.
After a user authorizes your app, the redirect URL will be appended with a code value. Using this code, you’ll generate the initial access token and refresh token. Access tokens are short-lived, and you can check the expires_in parameter when generating an access token to determine its lifetime (in seconds).
For example, your request may look similar to the following:
In the response, you’ll receive the access token along with the refresh token, which you can use to refresh the access token. The
expires_in field specifies how long the access token will last (in seconds).
Refresh an access token
Using a refresh token, you can generate a new access token by making a URL-form encodedPOST request to /oauth/v1/token. In the request body, you’ll specify the grant_type, client_id, client_secret, and refresh_token.
Retrieve access token metadata
To get information about an OAuth access token, including the user that the token was created for and their corresponding Hub ID, make aGET request to /oauth/v1/access-tokens/{token}.
You’ll receive a response containing information about the user’s access token and their HubSpot account.
Delete a refresh token
If a user uninstalls your app, you can delete the refresh token by making aDELETE request to /oauth/v1/refresh-tokens/{token}. This will only delete the refresh token. Access tokens generated with the refresh token will not be deleted. Additionally, this will not uninstall the application from HubSpot accounts or inhibit data syncing between the app and account.
Error handling
When querying for access or refresh tokens, if an OAuth error occurs, the response will resemble the following:status and message fields that were included in previous versions of the OAuth token API endpoints are still available for backwards compatibility.