Today we’re launching our OAuth 2.0 authentication protocol. This will replace our previous OAuth implementation. The documentation for OAuth 2.0 can be found here.
Oauth 2.0 offers a few advantages over our previous system:
- The new system follows the OAuth 2.0 specification. This includes getting a
code=parameter after authorization, and using your Client ID and secret to get an access_token, and using the
Authorization: Bearerheader instead of a query parameter when authenticating the API request
- You’ll no longer need to ask users for their Hub ID before sending them to the authentication URL, as they’ll have the option to select any account they have access to on the HubSpot authorization screen.
- You can get the information for an access or refresh token, which includes the Hub ID the token was created for, and the email address of the user that generated that token.
If you’re already using the existing OAuth system, your existing HubSpot apps will work with Oauth 2.0 as well, so you can use your existing Client ID and Client Secret without creating a new app.
With the launch of OAuth 2.0, we are considering the previous OAuth system to be deprecated, and we recommend updating as soon as possible.