"status":"BAD_AUTH_CODE","message":"missing or unknown auth code"



I am trying yo get accesstoken using httpclient using post method but end up with errors. What should i pass for grant_type and what is code parameter can this be a random number , i have given my java code below

List params = new ArrayList();
params.add(new BasicNameValuePair(“client_id”, yamlConfig.getCrmClientId()));
params.add(new BasicNameValuePair(“client_secret”, yamlConfig.getCrmClientSecretKey()));
params.add(new BasicNameValuePair(“grant_type”, grant_type));
params.add(new BasicNameValuePair(“redirect_uri”, redirect_uri));
params.add(new BasicNameValuePair(“code”, “435534535”));
httpPost.setURI(new URI(“https://api.hubapi.com/oauth/v1/token”));
httpPost.setEntity(new UrlEncodedFormEntity(params));
httpPost.setHeader(“Content-Type”, “application/x-www-form-urlencoded”);
HttpResponse response = httpClient.execute(httpPost);


Hi @Vivek_Shankar_Sakrap,

grant_type must be set to authorization_code. The code parameter must be the code you receive after a user authorizes your integration:


url = yamlConfig.getCrmHubspotApiUrlAuthorize();
uri = new URI(url + “?client_id=” + yamlConfig.getCrmClientId() + “&scope=contacts” + “&redirect_uri=”
+ redirect_uri);
httpClient = new DefaultHttpClient();
httpGet = new HttpGet();
HttpResponse httpResponse = httpClient.execute(httpGet);
InputStream responseContent = httpResponse.getEntity().getContent();
String accessTokenResult = AppUtil.convertStreamToString(responseContent);
String client_id = yamlConfig.getCrmClientId();
String client_secret = yamlConfig.getCrmClientSecretKey();

		String grant_type = "authorization_code";

I get html code as response from initiating authorization, is authoriztion_code a response coming from initiating authorization


Hi @Vivek_Shankar_Sakrap,

The authorization_code will be included as a query parameter when a user is redirected to the redirect URL. From the article above:

If they grant access, the user would be redirected to this URL:

You can then grab that code parameter from the redirect page and use it to get access/refresh tokens via the endpoint below: