Hubspot oauth2 flow - Access Denied

oauth

#1

Hi All,

Here is the blocker I’ve run into with using Hubspot oauth2:

I’ve set up a Hubspot app using a Hubspot Developer account. It has the following scopes checked:
Basic OAuth Functionality, Contacts, Content, Reports, Social, Workflows, Forms, Files

I keep receving an Access Denied response when trying to use an authorization code to get a new access token. To be clear, I have not been able to get it to work even once.

I was concerned that it may be happening due to IP address blocking, but I tried on both my home and work network and experienced the same issue. I also tried using both a “Public” and “Custom” (private) Application Type for the Hubspot Application, and experienced the same issue.

One other thing to note is that when I go to view my app’s Monitoring > API call logging, it is empty, stating: “All quiet on the API front. There will be more to see here once your application goes online.”


Steps to reproduce
Note: Sorry for the oddly formatted urls; as a new user to the forum I am not able to include links in my post.

  1. I request an auth code using:

    POST https:// app.hubspot .com/oauth/authorize?client_id=<my_client_id>&scope=contacts%20content%20reports%20social%20automation%20forms%20files%20oauth&redirect_uri=https:// www.myapp .com/oauth/Hubspot

  2. I am presented with the oauth login screen and I select select my Hubspot Marketing Enterprise account.

  3. In my app I receive a response containing an authorization code.

  4. I immediately make a request for an access token using the code:

    POST https:// app.hubspot .com/oauth/v1/token
    "headers": {
    “Content-Type”: “application/x-www-form-urlencoded”,
    “User-Agent”: “unirest-php/2.0”
    },
    “form”: {
    “client_id”: “<my_client_id>”,
    “client_secret”: “<my_client_secret>”,
    “code”: “<authorization_code>”,
    “redirect_uri”: “https:// www.myapp .com/oauth/Hubspot”,
    “grant_type”: “authorization_code”
    }

  5. The response I receive is this:
    Status 403

    <HTML><HEAD>
    <TITLE>Access Denied</TITLE>
    </HEAD><BODY>
    <H1>Access Denied</H1>
     
    You don't have permission to access "http&#58;&#47;&#47;static2cdn&#46;hubspot&#46;com&#47;OAuthUI&#47;static&#45;1&#46;531&#47;html&#47;index&#46;html" on this server.<P>
    Reference&#32;&#35;18&#46;a92b0e6b&#46;1518794150&#46;1d5b9253
    </BODY>
    </HTML>

#2

Hi @derekjonesuberflip,

You’re making the request to the wrong domain; the URL to get access/refresh tokens is https://api.hubapi.com/oauth/v1/token, not
https://app.hubapi.com/oauth/v1/token


#3

:man_facepalming: I had my base uri set as app.hubapi during the authorization step (https://app.hubspot.com/oauth/authorize). With the heading on the token page stating “POST /oauth/v1/token”, I hadn’t noticed the change from app to api in the code example.

Thanks a lot Derek!