Refresh OAuth 2.0 Access Token

POST v1/oauth/token

Method Details

HTTP Methods:


Content Type:


Response Format:


Requires Authentication?


Rate Limited?





Marketing & CRM

Use the code you get after a user authorizes your app to get an access token and refresh token.  The access token will be used to authenticate requests that your app makes.  Access tokens expire after 6 hours, so you can use the refresh token to get a new access token when the first access token expires.
Note: HubSpot access tokens will fluctuate in size as we change the information that is encoded the tokens. We recommend allowing for tokens to be up to 300 characters to account for any changes we may make.
Required Parameters How to use Description
Grant Type  grant_type=authorization_code
Used in the request body
The grant type of the request, must be authorization_code for the initial request to get the access and refresh tokens.
Client Id client_id=x The Client ID of your app.
Client Secret client_secret=x
Used in the request body
The Client Secret of your app.
Redirect URI  redirect_uri=x
Used in the request body
The redirect URI that was used when the user authorized your app. This must exactly match the redirect_uri used when intiating the OAuth 2.0 connection.
Code code=x
Used in the request body
The code parameter returned to your redirect URI when the user authorized your app.

Optional ParametersHow to useDescription
None None No optional parameters for this method.


Content-Type: application/x-www-form-urlencoded;charset=utf-8

If successful, you will receive a JSON response with a new access_token:
    "accessToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "accessTokenExpiresAt": "2019-01-29T13:36:27.655Z",
    "refreshToken":"xxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxx",
    "refreshTokenExpiresAt": "2019-02-12T12:36:27.655Z",
    "client": {
        "id": "xxxxxxxxxxxxxxxxxxxxxxxx"
    "user": {
        "id": "xxxxxxxxxxxxxxxxxxxxxxxx"

If there are any problems with the request, you'll receive a 400 response with an error message.
  "error": "error_code",
  "error_description": "A human readable error message"