Why is OAuth Required for Timeline Events



Hi all,
I’m relatively new to the HubSpot API, but in general, I’ve found it pretty easy to use. I’ve built an internal JS library that makes authentication transparent and method calls super easy. Our HubSpot (HS) integration is a one-off integration and specific to our internal use to better understand how our customers are using our product and how we can better serve them.

Right now, we have Oauth flow and hapi options in our HS library but as I read on the forums, the OAuth options are pretty much a non-starter for us since we are updating in response to our customer’s interaction with our app (i.e. server-side, like a batch process) when a HubSpot user may not be logged in and OAuth requires a user to be at a web browser to authorize the app. So far this hasn’t been an issue since we can just use a hapi key and everything works fine.

The problem is we have been integrating custom timeline events (Imagine an event like: Customer X made a purchase for $YYY dollars). We can create the custom event types, define their properties, etc. No problem. The issue comes in creating the event for the contact. Creating/Updating a timeline event requires OAuth. For our use case, this seems problematic. About the only solution I see is to queue up all the timeline events and blast HubSpot when a HS user goes online and we can get a valid OAuth token. Then again, I could be missing something obvious or just thinking about the API in the wrong way. (Very possible it is “user” error.)

Any ideas? I’ve read the API docs multiple times and searched these forums and I’ve not been able to find anything to address this issue. We are very close to getting this to work, but this authentication step is blocking us.



Hi @dpankros

The Timeline API requires you to use OAuth since the events are set up as part of an app, so you’d need to authorize that app with your HubSpot account then use the OAuth credentials you get to create the events that were set up for that app.

You will need to have a user log into HubSpot and authorize the app once, but you should only need to do that once, as you’ll get a refresh token from that process. Your app would use that refresh token to generate a new access token (without further user action) after the initial access token expires.


@dadams Thanks for your reply. I must have a problem somewhere because I’ve been needing to constantly reapprove the application in my portal. If I don’t need to request new tokens and only need to refresh, I agree the process would be much easier.

If I understand correctly, you’re saying I can refresh an expired token? I expected that I would need to refresh it before it expired.

I’ll take a look at that code to see if I can get it to work as you describe. Thanks for your reply!


My assumption was code into the library that I needed a new token at application start. A new token needs a would need a new authorization for the app (because the code can only be used once), which would need a user interaction. By changing that assumption, our app now will refresh the token as necessary and it all works properly. Thanks for your help @dadams!

Now if only there were a way to get timeline events after you create them… :slight_smile: