There's a new version of the HubSpot API

Starting November 30, 2022, API keys will be sunset as an authentication method. Learn more about this change and how to migrate an API key integration to use a private app instead.

API Usage Guidelines

The HubSpot public endpoints are powered by the same underlying technology as the core HubSpot application. As a result, HubSpot engineering closely monitors usage of the public APIs to ensure a quality experience for users.

Below, you'll find the limits by which a single integration (as identified by an access token) can consume the HubSpot public APIs. If you have any questions, please post them in the developer forum.

  • All integrations must comply with the HubSpot Acceptable Use Policy and API Terms
  • HubSpot has the following limits in place for API requests:
    • Integrations using API keys are subject to the daily limits below. Daily limits reset at midnight based on the HubSpot account's time zone setting.
      Product tier  Limits
      Free & Starter
      • Burst: 100/10 seconds
      • Daily: 250,000
      Professional & Enterprise
      • Burst: 150/10 seconds
      • Daily: 500,000
      API add-on (any tier)
      • Burst: 200/10 seconds
      • Daily: 1,000,000
    • Integrations using OAuth are only subject to the limit of 100 requests per 10 seconds. The limits related to the API add-on don't apply to integrations using OAuth.
  • Integrations exceeding their limits will receive error responses with a 429 response code. Please see this page for more details about those errors, and suggestions for working with the request limits.
  • Integrations that poll HubSpot for new or updated information are limited to polling for those changes at intervals of five minutes or more.
  • Requests resulting in an error response may not exceed 5% of your total requests. If you plan on listing your app in our App Marketplace, it must stay under this 5% limit to be certified.
  • Integrations should use HubSpot's OAuth protocol.
  • Integrators must store time-to-live (TTL) data for OAuth access tokens, which will be returned to you in an expires_in parameter whenever you generate an access token. Unauthorized (401) requests are not a valid indicator that a new access token must be retrieved.
  • Integrators should use their own public and documented APIs when working with the HubSpot APIs.
  • We reserve the right to change or deprecate the APIs over time - we will provide developers ample notification in those cases. These notifications will be provided through our developer changelog.
  • You may create no more than 100 applications per developer account.
  • You may create no more than 1000 webhook subscription per application.
  • You may create no more than 25 CRM Extension settings per application.
  • You may create no more than 750 Timeline Event Types per application.
  • You may create no more than 500 properties per Timeline Event Type.