I'm looking to build integration from our own application into HubSpot and can do this with the hapikey approach but now want to implement OAuth2. For the purpose that we have there is NO connected user as we run the REST calls from a thread on a server. I'm stuggling to work out what we need to build to get the initial token as most of the documentation seems to assume I'm integrating a browser based application. Ideally if I have the values required to make a call via SOAP UI I can work it all out from there. I have the client id and client secret but not sure what I need for the redirect_uri or code parameters. We are using c# / .Net and RestSharp to make the requests. Pretty sure someone must have asked this but not finding the right solution. Can you help?
Apologies, allow me to clarify here! This part that we're doing is simply initiating the integration to obtain the Access and Refresh tokens. Once this is done, a simply API call is required every 6 hours to continually refresh the Access Token being used.
Once the initial integration is done, the continued access is handled through the use of the Refresh token once obtained. The Access and Refresh tokens are used to continually allow access without the need to initiate each time as you're saying. To list the steps:
This process is then repeated every 6 hours as this is how long the Access token lasts for.
However, the Refresh token does not expire. Therefore, if you fail to refresh the Access token within the 6 hours, you can still use the currently stored Refresh token to refresh the access.
The redirect_uri or code parameters are part of the OAuth 2.0 flow that HubSpot supports, commonly known as the Authorization Code flow.
In order to initiate the integration, you will require a user to access the OAuth URL that is generated in your HubSpot Developers App, this initiates the integration to the Portal and authorizes the App with specific scope access.
Once this is done, you'll be redirected to the redirect_URI, as this is not an App you're listing on a Marketplace and is only for your use, you can simply insert any URL you'd like, for testing purposes, I simply redirect to a page on my site. Once redirect, the code parameter will have been appended to your redirect_URI, you can now take this and and begin the process of requesting Access and refresh tokens as per our docs here.
Thank you, I'm a bit further forward as I now have a "code" value but to simulate what I will be doing in code I am tryign to build a SOAP UI request and that fails (all other requests via hapikey are working).
At this stage I just want to get a token now that I have the "code".
This is what I am sending but all I get back is an usupported media error
Great, the Code that gets returned when authenticating via the OAuth URL expires after 10 minutes, so in this case, simply generate a new one and make the request.
This should be successful and return the Access and Refresh Token for you.
I cannot see how this is going to work if the code times out. Each time we need to makea request we need a user to visit theOAuth link, then choose an account to connect with on the page then tick the I Am Not A ROBOT link just to get a code whic expires in 10 minutes.
I must be missing something here. We have a server which has no user in attendance and it will therefore need to make a connection.
I can achieve what we need with hapikey BUT it should be OAuth2 for security but cannot see how this works following the instructions on the web site and what you have told me so far.
Apologies, allow me to clarify here! This part that we're doing is simply initiating the integration to obtain the Access and Refresh tokens. Once this is done, a simply API call is required every 6 hours to continually refresh the Access Token being used.
Once the initial integration is done, the continued access is handled through the use of the Refresh token once obtained. The Access and Refresh tokens are used to continually allow access without the need to initiate each time as you're saying. To list the steps:
This process is then repeated every 6 hours as this is how long the Access token lasts for.
However, the Refresh token does not expire. Therefore, if you fail to refresh the Access token within the 6 hours, you can still use the currently stored Refresh token to refresh the access.