Using OAuth 2.0 access tokens

OAuth 2.0 access tokens are provided as a bearer token in the Authorization http header.

The header format is:

Authorization: Bearer {token}
➜ ~ curl -H "Authorization: Bearer CJSP5qf1KhICAQEYs-gDIIGOBii1hQIyGQAf3xBKmlwHjX7OIpuIFEavB2-qYAGQsF4" https://api.hubapi.com/contacts/v1/lists/all/contacts/all\?count\=1

{"contacts":[{"addedAt":1390574181854,"vid":204727,"canonical-vid":204727,"merged-vids":[],"portal-id":62515,"is-contact":true,"profile-token":"AO_T-mMRNC0-gfJqwyy000eKsDDyaZF7WGCDR7nwwcCgdTB_ud0lE0OHxUrRnhmxWNq6S6HEho20pvLJiD20qezzYPyDjqguKvDzVQlldiIxMSJFaYm505BnslV9hABly_GAk5agvp0g","profile-url":"https://app.hubspot.com/contacts/62515/lists/public/contact/_AO_T-mMRNC0-gfJqwyy000eKsDDyaZF7WGCDR7nwwcCgdTB_ud0lE0OHxUrRnhmxWNq6S6HEho20pvLJiD20qezzYPyDjqguKvDzVQlldiIxMSJFaYm505BnslV9hABly_GAk5agvp0g/","properties":{"firstname":{"value":""},"lastmodifieddate":{"value":"1473963575184"},"company":{"value":""},"lastname":{"value":""}},"form-submissions":[],"identity-profiles":[{"vid":204727,"saved-at-timestamp":1471266813356,"deleted-changed-timestamp":0,"identities":[{"type":"LEAD_GUID","value":"f9d728f1-dff1-49b0-9caa-247dbdf5b8b7","timestamp":1390574181878},{"type":"EMAIL","value":"new-email@hubspot.com","timestamp":1471266813256}]}],"merge-audits":[]}],"has-more":true,"vid-offset":204727}%

 In this example, the access token is CJSP5qf1KhICAQEYs-gDIIGOBii1hQIyGQAf3xBKmlwHjX7OIpuIFEavB2-qYAGQsF4

Here's an example that using cURL to get contacts with the Authorization header:

Notes:
  • HubSpot access tokens will fluctuate in size as we change the information that is encoded the tokens. We recommend allowing for tokens to be up to 300 characters to account for any changes we may make.
  • If you're using OAuth 2.0 access tokens, you should not include hapikey= in the request URL. The Authorization header is used in place of that query parameter.