Authenticating to HubSpot

There are two authentication methods available for connecting to HubSpot data source: PrivateAppToken-based and OAuth Authentication.

Some tables in the HubspotV3 schema may not work with the OAuth mechanism. This API limitation restricts their usage only to the PrivateAppToken-based authentication. Specifically, each table in the data-model section will mention the supported authentication mechanism.

Private App Token

To connect using a Hubspot Private App Token, set the AuthScheme property to PrivateAppToken and OAuthAccessToken to the value of your application's access token, and you are ready to connect.

You can generate a HubSpot Private App Token by following the steps below:

  1. In your HubSpot account, click the settings icon in the main navigation bar.

  2. In the left sidebar menu, navigate to Integrations > Private Apps.

  3. Click Create private app.

  4. On the Basic Info tab, configure the details of your application (name, logo, and description).

  5. On the Scopes tab, select Read or Write for each scope you want your private application to be able to access. This determines the data the driver has access to retrieve. Refer to the OAuthRequiredScopes and OAuthOptionalScopes properties for recommended scopes to select.

  6. After you are done configuring your application, click create app in the top right.

  7. Review the info about your application's access token, click Continue creating, and then Show token.

  8. You can now set the retrieved token in the OAuthAccessToken property (OAuthAccessToken is used for Private App Access Tokens and OAuth Access Tokens).

You can set the AuthScheme to PrivateAppToken to enforce this Authentication scheme.


AuthScheme must be set to OAuth in all OAuth flows. The following OAuth flows assume you have done so.

Follow the steps below to register an application and obtain the OAuth client credentials, the OAuthClientId and OAuthClientSecret:

  1. Log into your HubSpot developer account.

  2. On the developer account home page, click Create an app or, if starting from the Apps dashboard, click Create app.

  3. On the App info tab, enter and optionally modify values that are displayed to users when they connect. These values include the public application name, application logo, and a description of the application.

  4. On the Auth tab, copy the client ID and client secret. You will use these later for the OAuthClientId and OAuthClientSecret properties.

  5. Set CallbackURL to http://localhost:33333 or a trusted URL where users are redirected to after they authorize your application.

  6. Under Scopes, select Standard > oauth, any additional scopes as needed for your application's functionality, and the data you want to retrieve (see the OAuthRequiredScopes and OAuthOptionalScopes properties for the default scopes requested by the driver).

Note that the requested scopes (OAuthRequiredScopes) must match the scopes specified in your application's settings.

After setting the following, you are ready to connect, Set the following connection properties to obtain the OAuthAccessToken:

  • InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken.

  • OAuthClientId (custom applications only): Set this to the client Id assigned when you registered your application.

  • OAuthClientSecret (custom applications only): Set this to the client secret assigned when you registered your application.

  • CallbackURL (custom application only): Set this to the redirect URI defined when you registered your application.

When you connect, the provider opens HubSpot's OAuth endpoint in your default browser. Log in and grant permissions to the application. The provider then completes the OAuth process:

  1. The provider obtains an access token from HubSpot and uses it to request data.

  2. Extracts the access token from the callback URL and authenticates requests.

  3. Saves OAuth values in the location specified in OAuthSettingsLocation. These values persist across connections.

The provider refreshes the access token automatically when it expires.

Last updated