Skip to main content
HubSpot’s remote MCP server lives at https://mcp.hubspot.com and connects over OAuth — but not the one-click kind. HubSpot requires you to pre-register an MCP auth app in your account first, then hand MCP Manager the resulting Client ID and Client Secret before the OAuth consent screen appears.
When you paste https://mcp.hubspot.com and click Continue, MCP Manager’s authentication detection lands on OAuth with client pre-registration — HubSpot’s server speaks OAuth 2.1 with PKCE but does not support dynamic client registration, so you supply a Client ID and Secret, then approve consent.
This guide is a convenience based on HubSpot’s setup at the time of writing. HubSpot’s own MCP documentation is authoritative and may be more current. The requirements below — creating an MCP auth app, the redirect URL, OAuth with PKCE — come from HubSpot, not from MCP Manager. If a step here has drifted or a connection problem is specific to how HubSpot works, HubSpot support is the fastest path to an answer.

Before you start

Most of the work here is HubSpot-side prep. Bring the following before you open MCP Manager:
  • A HubSpot account with access to the Development section. You create the MCP auth app under Development → MCP Auth Apps, so you need an account where that area is available to you.
  • A Client ID and Client Secret from an MCP auth app. HubSpot’s remote server does not register clients on the fly; you must create the app first and copy both values from its details page.
  • A redirect URL for the OAuth flow. HubSpot’s app form requires one. MCP Manager acts as the OAuth client here, so use its callback URL (shown in the connect flow) rather than a placeholder.
  • The MCP server URLhttps://mcp.hubspot.com. There is no region or per-account variant; everyone uses the same host.
You do not configure scopes when creating the app. HubSpot determines available scopes automatically from the tools in the MCP server and from the permissions each user grants at install time — so access is always bounded by what that user can already see and do in HubSpot.

Connect the server

1

Open the MCP Auth Apps area in HubSpot

In your HubSpot account, go to Development → MCP Auth Apps in the left sidebar, then click Create MCP auth app.
2

Set the redirect URL

HubSpot asks for the URL to use for OAuth authentication — the address users return to after granting permission. Enter MCP Manager’s OAuth callback URL, which is shown in the connect flow when detection resolves to client pre-registration. Save the app.
3

Copy the Client ID and Client Secret

After the app is created, both the Client ID and Client Secret appear on the app’s details page. Copy both now — you’ll paste them into MCP Manager. Treat the secret like a password.
4

Add the server in MCP Manager

On the Servers page, add a server, paste https://mcp.hubspot.com, and click Continue. Detection resolves to OAuth with client pre-registration; provide the two values:
FieldValue
Client IDfrom the MCP auth app’s details page
Client Secretfrom the MCP auth app’s details page
5

Approve the OAuth consent screen

With the Client ID and Secret in place, MCP Manager runs the OAuth handshake (OAuth 2.1 with PKCE). Each connecting user signs in to HubSpot and approves the consent screen. Tool calls then run as that user’s own HubSpot identity, limited to records they can already access. The server’s tools are now available to add to a gateway.

Gotchas & things to keep in mind

  • The Client ID and Secret are not credentials, they’re the app registration. Supplying them does not log you in — it tells HubSpot which pre-registered app MCP Manager is acting as. Each user still authenticates individually through the OAuth screen.
  • The redirect URL must match exactly. HubSpot validates the callback against the one you saved on the app. Use the callback MCP Manager shows in the connect flow; a mismatch fails the handshake.
  • You don’t pick scopes. Available scopes come from the MCP server’s tools at install time plus the permissions each user grants. There is no scope list to configure or get wrong.
  • Access is per-user, bounded by HubSpot permissions. Because each user approves their own OAuth grant, this is per-user identity — actions are attributable to the individual and limited by what they can already do in HubSpot. Choose Private versus Global availability accordingly; see per-user versus shared identity.
  • Sensitive Data blocks some objects. If your HubSpot account has Sensitive Data turned on, activity objects are blocked from access through the MCP server. This is a HubSpot-side limitation, not an MCP Manager one.
  • The client must support OAuth with PKCE. MCP Manager handles the PKCE handshake for you; the requirement is HubSpot’s, and it’s why the plain OAuth one-click path doesn’t apply.

Further reading

Find & Connect MCP Servers

How MCP Manager detects authentication type, and how to find other servers’ URLs.

How MCP Manager authenticates

What client pre-registration and per-user OAuth mean for the identity behind each call.

Identities for remote servers

Private versus Global availability for the connection you just created.

Connect your AI client

Point Claude, Cursor, or another client at the gateway once HubSpot is connected.

External sources

HubSpot MCP Server

HubSpot’s authoritative overview of the remote MCP server — availability, capabilities, and OAuth requirements.

Integrate AI tools with the HubSpot MCP server

HubSpot’s own setup steps for creating an MCP auth app and connecting a client with OAuth and PKCE.