Oauth 2 get authorisation code from php curl



We are integrating our CRM with hubspot. So each time when a contact is submitted we will add the contact to our CRM and also to our hubspot account. If the contact already exists in our hubspot we want the contact to get logged in the timeline logs. So as far we have analysed the docs we found that inorder to add log to the timeline, we have to first create a app in developers portal and pass the necessay parameters like client id, scopes and redirect URI to the authorisation url. So after doing that and generating all these in test portal for testing purpose we get the code in the redirect_uri page. With that we are able to get the access token and proceeding further to post a event as a log in timeline. But where we got stuck is that, we want to get the authorisation code in our CRM app using php curl. But when we throw a curl request, the response does not return the redirect_uri, so that we may get the code from the URI. Even though we have passed Username and password along with the curl the response does not return code. Also we have granted the user access permission for scopes.


Hi @Vijay_Wilson_J,

If I understand what you are trying to do correctly, it sounds like you are looking to handle the authorization flow without an actual human being involved. If that’s the case this is not supported, someone must log into HubSpot via a browser and authorize the application in order to get a code which can be exchanged for an access token.

Generally in these cases, you would want to go through the authorization flow as described above but make sure you store the refresh token. That refresh token will allow you to get a new access token after they expire (which happens after 6 hours). Human interaction is only required once during the initial set up, from then on the application can just run in the background.

If that’s not what you were looking for let me know and we can try and work something else out.



Hi Zack,

I’m having a similar issue but with a C#-based console app. In our application we connect to Hubspot periodically (daily, weekly, on-demand) and synchronize contact data between Hubspot and our proprietary CRM, Often, this occurs off-hours when human interaction is not practical.

Just to confirm, when you say “Human interaction is only required once during initial setup”, does that mean I can store the authorization token returned by the initial call to “https://app.hubspot/com/oauth/authorize…”, and then re-use it between sessions to generate new access and refresh tokens?

  • Chris

Generate OAuth 2.0 Access Token Programatically

Hey @ChrisF,

You are almost correct. Once you go through the initial authorization flow (the bit that requires human interaction) you will get a code via your redirect_url. You can then redeem this code to get an access_token and a refresh_token via this endpoint https://developers.hubspot.com/docs/methods/oauth2/get-access-and-refresh-tokens

You should save both the access_token and refresh_token in your database. From now on your can use the refresh_token to programmatically (with no human interaction) get a new access_token when the old one expires. The method to do that is described here: https://developers.hubspot.com/docs/methods/oauth2/refresh-access-token

The real key is saving the refresh_token, it doesn’t expire and is what allows you to keep making authorized requests to HubSpot from your app without any further human intervention.

Hopefully this clears things up, if not, don’t hesitate to post another question and we can work through it.