There's a new version of the HubSpot API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

Do HubSpot APIs support CORS / AJAX requests?

For the most part, the HubSpot APIs do not support cross-origin (CORS) AJAX requests. Making the request client-side using JavaScript would expose any authentication you're using for the request. In order to use JavaScript/AJAX, you would need to make the request (excluding any authentication) to an external server that could then add the needed authentication and make requests to HubSpot's APIs server-side.

The exceptions to this rule are: