There's a new version of the HubSpot API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

API Usage Guidelines

The HubSpot public endpoints are powered by the same underlying technology as the core HubSpot application. As a result, HubSpot engineering closely monitors usage of the public APIs to ensure a quality experience for users.

Below, you'll find the limits by which a single integration (as identified by an access token) can consume the HubSpot public APIs. If you have any questions, please post them in the developer forum.

  • All integrations must comply with the HubSpot Acceptable Use Policy and API Terms
  • HubSpot has the following limits in place for API requests:
    • Daily limits reset at midnight based on the HubSpot account's time zone setting.
      Product tier  Limits
      Free & Starter
      • Burst: 100/10 seconds
      • Daily: 250,000
      Professional & Enterprise
      • Burst: 150/10 seconds
      • Daily: 500,000
      API add-on (any tier)
      • Burst: 200/10 seconds
      • Daily: 1,000,000
    • Integrations using OAuth are only subject to the limit of 100 requests per 10 seconds. The limits related to the API add-on don't apply to integrations using OAuth.
  • Integrations exceeding their limits will receive error responses with a 429 response code. Please see this page for more details about those errors, and suggestions for working with the request limits.
  • Integrations that poll HubSpot for new or updated information are limited to polling for those changes at intervals of five minutes or more.
  • Requests resulting in an error response may not exceed 5% of your total requests. If you plan on listing your app in our App Marketplace, it must stay under this 5% limit to be certified.
  • Integrations should use HubSpot's OAuth protocol.
  • Integrators must store time-to-live (TTL) data for OAuth access tokens, which will be returned to you in an expires_in parameter whenever you generate an access token. Unauthorized (401) requests are not a valid indicator that a new access token must be retrieved.
  • Integrators should use their own public and documented APIs when working with the HubSpot APIs.
  • We reserve the right to change or deprecate the APIs over time - we will provide developers ample notification in those cases. These notifications will be provided through our developer changelog.
  • You may create no more than 100 applications per developer account.
  • You may create no more than 1000 webhook subscription per application.
  • You may create no more than 25 CRM Extension settings per application.
  • You may create no more than 750 Timeline Event Types per application.
  • You may create no more than 500 properties per Timeline Event Type.