There's a new version of the HubSpot API
As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.
To ensure that the requests that your integration is receiving from HubSpot are actually coming from HubSpot, we populate two headers: X-HubSpot-Signature
and X-HubSpot-Signature-Version
.
The X-HubSpot-Signature
header will contain the signature that will need to be verified. The method used to verify the signature will depend on the version of the signature.
The X-HubSpot-Signature-Version
header will contain a version number, i.e. v2
, that will indicate which method should be used to verify the signature included in X-HubSpot-Signature
.
See the documentation pages below for details on verifying the different versions of the signature.
Validating the v1 request signature |
Validating the v2 request signature |