There's a new version of the HubSpot API

We're also working on a new documentation website, you're invited to check it out and give us your feedback.

Authentication Overview

Please note: as of November 30, 2022, HubSpot API keys are no longer a supported authentication method for accessing HubSpot APIs. Instead, you should use a private app access token or OAuth to authenticate API calls. Learn more about this change and how to migrate an API key integration to use a private app instead.

There are two ways to authenticate calls to HubSpot's APIs: OAuth and private app access tokens access tokens. 

When building an integration, keep the in mind that integrations designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol

Unless documentation for a specific endpoint says otherwise, all endpoints support both OAuth and API keys. Below are examples of the same cURL request using each authentication method. Aside from authentication, the requests are identical and would return the same results.

In each example, the request is being made to this endpoint (documented here):


Using OAuth 2.0, which uses the Authorization header:

➜ /~curl --header "Authorization: Bearer C4d***sVq"

Using a private app access token, which uses the Authorization header:

➜ /~curl --header "Authorization: Bearer ***-***-*********-****-****-****-************"


Once you've created your account and have OAuth credentials, check out initiating OAuth and this Quickstart guide.