Using Contacts API with OAuth 2.0

oauth
contacts

#1

I have a Hubspot account that has been using the Contacts API for several years now. With the new OAuth 2.0 changes coming we need to update our code for when we use the Contacts API.

This is the url that we are currently using to collect our contacts data:
https://api.hubapi.com/contacts/v1/lists/recently_updated/contacts/recent?access_token=${HUBSPOT_TOKEN}&count=100

And we are using the following to get the access_token:
–post-data “refresh_token=${REFRESH_TOKEN}&client_id=${CLIENT_ID}&grant_type=refresh_token” “https://api.hubapi.com/auth/v1/refresh

I do NOT have an existing app in hubspot, we make this call from code on our servers to collect the data.

Can someone please walk me through what changes I need to make to migrate to OAuth 2.0?
I understand I need a client_secret code but if I don’t have an app calling the API is this possible?

TIA,
Bryan


#2

For anyone looking for help with the OAuth2.0 migration, we’ve configured our setup to now work with OAuth2,0.

In the OAuth1 configuration we were using the Contacts API supplied by Hubspot.

Using the Hubspot Apps I’ve basically created a third-party to user setup. Anyone with a developers account can create an App that has access to different scopes of a users account (Forms, Reports, Contacts…etc).

So I created a developers account along with our regular hubspot account. I gave the app access to the scope Contacts and basic OAuth functionality.

The first step is to go to the following URL:

https://app.hubspot.com/oauth/authorize?client_id=CLIENT_ID&scope=SPECIFIC_SCOPES&redirect_uri=https://www.example.com

Where the CLIENT_ID is the ID the developer has when they create the App on the following screen:

And for us the SPECIFIC_SCOPES we used was Contacts. The /authorize/ call will take you to a hubspot page where you have to authorize the app to access the hubspot data. Once
you have given authorization to the app you will be redirected to the redirect_url with a code=CODE attached to the end of the URL.

The code is the authorization_code required for the following URL:

https://api.hubapi.com/oauth/v1/token?grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=CODE&redirect_uri=https://www.example.com

The CLIENT_SECRET is also available from the screen shot above.

Running that URL will return a json with an access_token and refresh_token. The access_token is good for 6 hours and the refresh_token is to be used when the access_token expires, with the following URL:

https://api.hubapi.com/oauth/v1/token?grant_type=refresh_token&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN&return_uri=https://www.example.com

This is an example of the url to be called with the access_token to retrieve the contacts:

curl -H “Authorization: Bearer ACCESS_TOKEN” https://api.hubapi.com/contacts/v1/lists/recently_updated/contacts/recent?count=100”

If there is anything in here that is incorrect, feel free to correct it in the comments. I am not affiliated with Hubspot in anyway, I just wanted to share what has worked for me. Also I was very surprised that 11 days went by without any responses!

I hope this helps anybody out there!
Bryan