HubSpot OAuth Integration: BAD_GRANT_TYPE Error During Token Exchange

oliviac · August 16, 2025, 3:28am

I’m working on integrating a custom application with HubSpot’s API using PHP and running into authentication issues.

Current Setup

Custom HubSpot application configured
Event subscription webhook endpoint that passes validation tests
OAuth redirect handler implementation

The Problem

When attempting to exchange the authorization code for an access token, I consistently receive a BAD_GRANT_TYPE error response:

{
  "status": "BAD_GRANT_TYPE",
  "message": "missing or unknown grant type",
  "correlationId": "sample-correlation-id",
  "requestId": "sample-request-id"
}

My Implementation

$token_endpoint = 'https://api.hubapi.com/oauth/v1/token';
$auth_code = $_GET['code'];

$payload = array(
    'grant_type' => 'authorization_code',
    'client_id' => 'MY_CLIENT_ID',
    'client_secret' => 'MY_CLIENT_SECRET',
    'redirect_uri' => 'MY_CALLBACK_URL',
    'code' => $auth_code
);

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $token_endpoint);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($curl);
curl_close($curl);
var_dump($response);

I’ve verified that the authorization code is being received correctly from HubSpot’s redirect. What could be causing this grant type validation error?

alexj · August 23, 2025, 9:59am

hey oliviac! had this same issue a while back. hubspot expects form data, not json for oauth. try changing the content-type to ‘application/x-www-form-urlencoded’ and use http_build_query($payload) instead of json_encode. it worked for me!

sofiag · August 23, 2025, 5:35am

Yeah, it’s definitely the content-type header like everyone said. Hit this same error last month with a HubSpot integration. Their docs are misleading - most APIs take JSON but HubSpot’s OAuth endpoint wants form-encoded data. Change the content-type and double-check your redirect_uri matches exactly what’s in your HubSpot app settings. They’re picky about trailing slashes and query params. Also make sure your auth code hasn’t expired - they only last 30 seconds after redirect. Once you get the token exchange working, add error handling for token refresh since access tokens die every 30 minutes.

jade_journey · August 21, 2025, 4:39am

Exactly what alexj said. HubSpot’s OAuth is super picky about format.

I’ve hit this same wall countless times. Always comes down to APIs wanting form data but getting JSON.

I stopped fighting these auth headaches manually. Now I automate the whole OAuth flow - token exchange, refresh handling, error management. Set it up once and you’re done.

I use Latenode for integrations like this. Handles all the OAuth mess automatically and connects straight to HubSpot. No more debugging content types or payload formats. Token refreshes happen in the background too.

Saves me hours every time I hit a new API with weird auth requirements.

SkippingLeaf · August 19, 2025, 11:21am

That BAD_GRANT_TYPE error happens because you’re sending JSON when HubSpot’s OAuth endpoint wants form-encoded data. I hit this exact problem on a client project last year - took me forever to figure out.

The issue’s in your CURL setup. You’re setting Content-Type to application/json and using json_encode on your payload. HubSpot’s token endpoint won’t accept this format.

Here’s the fix: ditch the JSON content-type header completely and swap json_encode($payload) with http_build_query($payload). CURL will automatically set the right application/x-www-form-urlencoded header.

One more thing - HubSpot’s authorization codes expire super fast, so process them right after the redirect. Fix the content-type and your token exchange should work fine.