There's a new version of the HubSpot API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

Refresh OAuth 2.0 access token

Last updated October 1, 2021

POST /oauth/v1/token

Method Details

HTTP Methods:


Content Type:


Response Format:


Requires Authentication?


Rate Limited?





Marketing & CRM

Use a previously obtained refresh token to generate a new access token. Access tokens are short lived; you can check the expires_in parameter when generating an access token to determine its lifetime (in seconds). If you need offline access to HubSpot data, store the refresh token you get when initiating your OAuth integration and use it to generate a new access token once the initial one expires.

Note: HubSpot access tokens will fluctuate in size as we change the information that is encoded the tokens. We recommend allowing for tokens to be up to 300 characters to account for any changes we may make.
Required parameters How to use Description
Grant type  grant_type=refresh_token
Used in the request body
The grant type of the request, must be refresh_token when refreshing an access token.
Client Id client_id=x The client ID of your app.
Client secret client_secret=x
Used in the request body
The client secret of your app.
Refresh token refresh_token=x
Used in the request body
The refresh token obtained when initially authenticating your OAuth integration.