> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Connect HubSpot

> Connect HubSpot's remote MCP server to MCP Manager: create an MCP auth app in HubSpot to get a Client ID and Client Secret, supply them when MCP Manager's detection lands on OAuth client pre-registration, and approve the OAuth screen so tool calls run as each user's own HubSpot identity.

HubSpot's remote MCP server lives at `https://mcp.hubspot.com` and connects over OAuth — but not the one-click kind. HubSpot requires you to **pre-register an MCP auth app** in your account first, then hand MCP Manager the resulting **Client ID** and **Client Secret** before the OAuth consent screen appears.

<Note>
  When you paste `https://mcp.hubspot.com` and click **Continue**, MCP Manager's [authentication
  detection](/mcp-server-guides/overview#how-mcp-manager-detects-the-authentication-type) lands on **OAuth with client pre-registration** — HubSpot's
  server speaks OAuth 2.1 with PKCE but does not support dynamic client registration, so you supply a Client ID and Secret, then approve consent.
</Note>

<Info>
  This guide is a convenience based on HubSpot's setup at the time of writing. **HubSpot's own [MCP documentation](https://developers.hubspot.com/mcp)
  is authoritative** and may be more current. The requirements below — creating an MCP auth app, the redirect URL, OAuth with PKCE — come from
  HubSpot, not from MCP Manager. If a step here has drifted or a connection problem is specific to how HubSpot works, **HubSpot support** is the
  fastest path to an answer.
</Info>

## Before you start

Most of the work here is HubSpot-side prep. Bring the following before you open MCP Manager:

* **A HubSpot account with access to the Development section.** You create the MCP auth app under **Development → MCP Auth Apps**, so you need an account where that area is available to you.
* **A Client ID and Client Secret from an MCP auth app.** HubSpot's remote server does not register clients on the fly; you must create the app first and copy both values from its details page.
* **A redirect URL for the OAuth flow.** HubSpot's app form requires one. MCP Manager acts as the OAuth client here, so use its callback URL (shown in the connect flow) rather than a placeholder.
* **The MCP server URL** — `https://mcp.hubspot.com`. There is no region or per-account variant; everyone uses the same host.

<Tip>
  You do **not** configure scopes when creating the app. HubSpot determines available scopes automatically from the tools in the MCP server and from
  the permissions each user grants at install time — so access is always bounded by what that user can already see and do in HubSpot.
</Tip>

## Connect the server

<Steps>
  <Step title="Open the MCP Auth Apps area in HubSpot">
    In your HubSpot account, go to **Development → MCP Auth Apps** in the left sidebar, then click **Create MCP auth app**.
  </Step>

  <Step title="Set the redirect URL">
    HubSpot asks for **the URL to use for OAuth authentication** — the address users return to after granting permission. Enter MCP Manager's OAuth
    callback URL, which is shown in the connect flow when detection resolves to client pre-registration. Save the app.
  </Step>

  <Step title="Copy the Client ID and Client Secret">
    After the app is created, both the **Client ID** and **Client Secret** appear on the app's details page. Copy both now — you'll paste them into MCP
    Manager. Treat the secret like a password.
  </Step>

  <Step title="Add the server in MCP Manager">
    On the [Servers](https://app.mcpmanager.ai/settings/servers) page, add a server, paste `https://mcp.hubspot.com`, and click **Continue**. Detection resolves to **OAuth with client pre-registration**; provide the two values:

    | Field         | Value                                |
    | ------------- | ------------------------------------ |
    | Client ID     | from the MCP auth app's details page |
    | Client Secret | from the MCP auth app's details page |
  </Step>

  <Step title="Approve the OAuth consent screen">
    With the Client ID and Secret in place, MCP Manager runs the OAuth handshake (OAuth 2.1 with PKCE). Each connecting user signs in to HubSpot and approves the consent screen. Tool calls then run as that user's own HubSpot identity, limited to records they can already access. The server's tools are now available to add to a gateway.
  </Step>
</Steps>

## Gotchas & things to keep in mind

* **The Client ID and Secret are not credentials, they're the app registration.** Supplying them does not log you in — it tells HubSpot which pre-registered app MCP Manager is acting as. Each user still authenticates individually through the OAuth screen.
* **The redirect URL must match exactly.** HubSpot validates the callback against the one you saved on the app. Use the callback MCP Manager shows in the connect flow; a mismatch fails the handshake.
* **You don't pick scopes.** Available scopes come from the MCP server's tools at install time plus the permissions each user grants. There is no scope list to configure or get wrong.
* **Access is per-user, bounded by HubSpot permissions.** Because each user approves their own OAuth grant, this is per-user identity — actions are attributable to the individual and limited by what they can already do in HubSpot. Choose **Private** versus **Global** availability accordingly; see [per-user versus shared identity](/security/authentication-and-identity#per-user-identity-versus-shared-identity).
* **Sensitive Data blocks some objects.** If your HubSpot account has Sensitive Data turned on, activity objects are blocked from access through the MCP server. This is a HubSpot-side limitation, not an MCP Manager one.
* **The client must support OAuth with PKCE.** MCP Manager handles the PKCE handshake for you; the requirement is HubSpot's, and it's why the plain OAuth one-click path doesn't apply.

## Further reading

<CardGroup cols={2}>
  <Card title="Find & Connect MCP Servers" icon="compass" href="/mcp-server-guides/overview">
    How MCP Manager detects authentication type, and how to find other servers' URLs.
  </Card>

  <Card title="How MCP Manager authenticates" icon="key" href="/security/authentication-and-identity#how-mcp-manager-authenticates-to-a-server">
    What client pre-registration and per-user OAuth mean for the identity behind each call.
  </Card>

  <Card title="Identities for remote servers" icon="id-badge" href="/mcp-gateway-concepts/mcp-servers/remote#identities-for-remote-servers">
    Private versus Global availability for the connection you just created.
  </Card>

  <Card title="Connect your AI client" icon="plug" href="/tutorials/connect-your-ai-client">
    Point Claude, Cursor, or another client at the gateway once HubSpot is connected.
  </Card>
</CardGroup>

## External sources

<CardGroup cols={2}>
  <Card title="HubSpot MCP Server" icon="hubspot" href="https://developers.hubspot.com/mcp">
    HubSpot's authoritative overview of the remote MCP server — availability, capabilities, and OAuth requirements.
  </Card>

  <Card title="Integrate AI tools with the HubSpot MCP server" icon="gear" href="https://developers.hubspot.com/docs/apps/developer-platform/build-apps/integrate-with-the-remote-hubspot-mcp-server">
    HubSpot's own setup steps for creating an MCP auth app and connecting a client with OAuth and PKCE.
  </Card>
</CardGroup>
