Missing or invalid scopes



I am trying to get OAuth to work. It was working fine last week, but now I am getting a 400 bad request.

Here is what I do:

  1. -> app.hubspot.com/oauth/authorize?client_id={id}&scope=contacts&redirect_uri=http://www.hubspot.com

  2. I get back a code and use it to authenticate
    with header “Content-Type” = application/x-www-form-urlencoded
    and body x-www-form-urlencoded in POSTMAN to:
    grant_type = authorization_code
    client_id = my client id
    client_secret = my secret
    redirect_url = http://www.hubspot.com
    code = code returned from step 1 above

NOTE: my dev portal id = 2712969

When I issue the request in POSTMAN I get 400 bad request:
"error": "access_denied",
"error_description": "missing or invalid scopes"

This was working fine last week, but not today.

Any help is greatly appreciated.



If you’re trying to exchange a code for a token your redirect_url should be your original redirect url, not hubspot.


Thanks, you are correct. In my Java code, I use the correct redirect URL back to my app. In the above post, I am just trying to get it to give me back an access token using POSTMAN. This request was working. This is the first time I am getting the “missing or invalid scopes” error message. My assumption is that something must be different or has been changed in Hubspot land.


@jsimone are you getting that error in the POST to https://api.hubapi.com/oauth/v1/token to get the initial tokens? You're using redirect_url instead of redirect_uri (L instead of I in uri), but that should be returning a different error.

Does your app have the contacts scope checked in the settings? Do you have any other scopes selected?
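An added example, not part of any post in this thread and not HubSpot's code: a small offline pre-flight check for the step-2 token request that catches the two mistakes raised above (a `redirect_url` field name, and a `redirect_uri` that differs from the one sent in the authorize step). The `https://` scheme on the authorize URL, the function names and all sample values are assumptions made for the example.

```python
from urllib.parse import urlencode, urlparse, parse_qs

TOKEN_URL = "https://api.hubapi.com/oauth/v1/token"  # endpoint named in the thread
REQUIRED = ("grant_type", "client_id", "client_secret", "redirect_uri", "code")

def authorize_url(client_id, scope, redirect_uri):
    """Step 1: the URL the user is sent to (host and path as posted; scheme assumed)."""
    query = urlencode({"client_id": client_id, "scope": scope, "redirect_uri": redirect_uri})
    return "https://app.hubspot.com/oauth/authorize?" + query

def lint_token_request(auth_url, headers, form):
    """Return a list of problems in a step-2 token request, given the step-1 URL."""
    problems = []
    sent = parse_qs(urlparse(auth_url).query)
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        problems.append("Content-Type must be application/x-www-form-urlencoded")
    for name in REQUIRED:
        if not form.get(name):
            problems.append(f"missing form field: {name}")
    if "redirect_url" in form:
        problems.append("field is named redirect_uri, not redirect_url")
    if form.get("grant_type") not in (None, "authorization_code"):
        problems.append("grant_type must be authorization_code")
    original = sent.get("redirect_uri", [None])[0]
    if form.get("redirect_uri") and form["redirect_uri"] != original:
        problems.append("redirect_uri differs from the one used in the authorize step")
    return problems

def token_request_body(form):
    """Encode the form exactly as it would be POSTed to TOKEN_URL."""
    return urlencode(form)

# Constructed sample values; none are real credentials.
AUTH = authorize_url("example-client-id", "contacts", "https://app.example.com/callback")
BAD = {"grant_type": "authorization_code", "client_id": "example-client-id",
       "client_secret": "example-secret", "redirect_url": "http://www.hubspot.com",
       "code": "example-code"}
GOOD = {**BAD, "redirect_uri": "https://app.example.com/callback"}
del GOOD["redirect_url"]

if __name__ == "__main__":
    hdr = {"Content-Type": "application/x-www-form-urlencoded"}
    print(lint_token_request(AUTH, hdr, BAD))   # two problems reported
    print(lint_token_request(AUTH, hdr, GOOD))  # no problems
    print("POST", TOKEN_URL, token_request_body(GOOD))
```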


I did have redirect_url, the “url” was just a typo from me entering it here.

Anyway, today I am not getting an auth code when I submit this:


I am getting this:

Uh oh!

You do not have the correct role to grant these permissions. Please contact your administrator.

This happens even though my dev account (2712849) has:

both Account Administrator and Developers Administrator

Any idea why I am getting this? Yesterday I was getting an auth code but access denied on the token request. Today I am not even getting that far!

After this, I tried deleting my CRM account (2712969) only leaving my dev portal account (2712849) to no avail.



Developer portals don’t have access to any of the tools besides the developer tools, so they won’t be able to authorize an OAuth connection. If you only have a developer portal, you can create a test portal that can be used to test the authorization.


I am back in business. After deleting and recreating my CRM - all my test deals, all my test contacts and all my test companies, I was able to successfully acquire a code and then an access token. I can now send API requests without errors. After the OAuth initiate call I was greeted by the grant permissions page to which I granted access: