Machine to Machine OAuth2 Exchanges

New Member

HubSpot Developer Team / Community,

Greetings, I’m working on implementing a solution at my company that interfaces with the HubSpot API so we can send Contacts data, and have some questions about the OAuth2 authorization process.

  • Is there a OAuth2 implementation in place or upcoming that interfaces with machine to machine communication, from start to finish, in the authorization process? The concern we have at my company is the initial setup of the OAuth code using the splash screen that needs user interaction. It seems that if we were going to handle this process in code it would require web scraping and mimicking the same HTTP POSTS that are going on behind the scenes that aren’t discussed inside the API documentation. The big unknown we have with this is how long it would take to do the web scraping to get everything right in recreating the start to finish process, and whether there is an OAuth2 implementation that is in the works or in place (besides the HAPIKey) that allows for smoother machine to machine communication without web scraping.

  • If the only machine to machine communication for authentication that could be implemented is refreshing the access token via a console app, does the refresh token ever expire? Could it be implemented in an automated process that just handles refreshing the access token as needed? This seems the easiest route in regards to implementing the HubSpot API project for our company on our desired timeline, and is what I’m thinking works best.

If either of these inquiries don’t make sense let me know and I’ll try to explain it better. Thank you for your time and I look forward to hearing from the team / community soon.

Thank you,
Greg Rairdon

1 Reply 1
HubSpot Employee


  1. At the moment the only way to generate an access/refresh token is going to be with the splash screen(portal picker) Are you going to have different users signing into different accounts all the time? Would these users not have the ability to chose their portal from the screen they are on using your app?

  2. Yes the refresh token never expires and you can implement an automated process that handles refreshing the access token each time it expires. This way you would only ever see the splash screen on the first first login. After that you would never need it to keep the OAuth2 exchange valid.