There's a new version of the HubSpot API

Check out the new API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

Refresh OAuth 2.0 access token

Last updated October 1, 2021

POST /oauth/v1/token

Method Details

HTTP Methods:

POST

Content Type:

application/x-www-form-urlencoded

Response Format:

json

Requires Authentication?

Yes

Rate Limited?

Yes

Headers

User-Agent

Products:

Marketing & CRM

Use a previously obtained refresh token to generate a new access token. Access tokens are short lived; you can check the expires_in parameter when generating an access token to determine its lifetime (in seconds). If you need offline access to HubSpot data, store the refresh token you get when initiating your OAuth integration and use it to generate a new access token once the initial one expires.

Note: HubSpot access tokens will fluctuate in size as we change the information that is encoded the tokens. We recommend allowing for tokens to be up to 300 characters to account for any changes we may make.
Required parameters How to use Description
Grant type  grant_type=refresh_token
Used in the request body		 The grant type of the request, must be refresh_token when refreshing an access token.
Client Id client_id=x The client ID of your app.
Client secret client_secret=x
Used in the request body		 The client secret of your app.
Refresh token refresh_token=x
Used in the request body		 The refresh token obtained when initially authenticating your OAuth integration.

About

Jobs

Learn Inbound

Support

Locations

HubSpot, Inc.
25 First Street, 2nd Floor
Cambridge, MA 02141
European Headquarters
Ground Floor, Two Dockland Central
Guild Street, Dublin 1
Asia/Pacific Office
20 Hunter St, Level 7
Sydney NSW 2000
View our other locations
POST URL: https://api.hubapi.com/oauth/v1/token Headers: Content-Type: application/x-www-form-urlencoded;charset=utf-8 Data: grant_type=refresh_token&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&client_secret=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy&refresh_token=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz If successful, you will receive a JSON response with a new access_token: { "access_token": "xxxx", "refresh_token": "zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz", "expires_in": 21600 } If there are any problems with the request, you'll receive a 400 response with an error message. { "status": "EXAMPLE_ERROR_CODE", "message": "A human readable error message", "correlationId": "da1e1d2f-fa6b-472a-be7b-7ab9b9605d59", "requestId": "ecc0b50659814f7ca37f5d49cdf9cbd3" }