There's a new version of the HubSpot API

Check out the new API

As of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

Validating requests from HubSpot

To ensure that the requests that your integration is receiving from HubSpot are actually coming from HubSpot, we populate two headers: X-HubSpot-Signature and X-HubSpot-Signature-Version.

The X-HubSpot-Signature header will contain the signature that will need to be verified. The method used to verify the signature will depend on the version of the signature.

The X-HubSpot-Signature-Version header will contain a version number, i.e. v2, that will indicate which method should be used to verify the signature included in X-HubSpot-Signature.

See the documentation pages below for details on verifying the different versions of the signature.

Validating the v1 request signature
Validating the v2 request signature

 

About

Jobs

Learn Inbound

Support

Locations

HubSpot, Inc.
25 First Street, 2nd Floor
Cambridge, MA 02141
European Headquarters
Ground Floor, Two Dockland Central
Guild Street, Dublin 1
Asia/Pacific Office
20 Hunter St, Level 7
Sydney NSW 2000
View our other locations