HubSpot currently offers two types of API authentication: OAuth and API Key access. All API users are encouraged to use OAuth for security purposes, and Featured Integrations are required to us this authentication method. If you're developing internally for your organization, you can generate a HubSpot API key here.
Note the difference between using OAuth and API keys in your calls, which is simply a difference in the authentication parameter used in your calls:
HubSpot currently offers three editions: Basic, Professional, and Enterprise. Direct API access is limited to Professional and Enterprise customers only, as well as access to eCommerce and CRM Integration applications. All of the HubSpot products, including Basic, do have access to the HubSpot APIs via OAuth, making the use of OAuth incredibly valuable for any public HubSpot app.
OAuth, (or Open Authorization) is an open standard for authorization. It allows users to share their private resources (e.g. leads, blog posts, prospects) stored on HubSpot with another site without having to hand out their credentials, typically username and password. Continue reading for more information on OAuth and how we've implemented it in HubSpot
If you aren't familiar with OAuth, you can read some of these resources before getting started:
The OAuth specification defines something called a "scope" which is a particular type of data access, also conceptually similar to a particular permission. This page defines the scopes we use here at HubSpot, and describes the experience that a typical user would have from using a HubSpot application with OAuth configured.
If your app or service is accessing the HubSpot APIs, you should use an OAuth Access Token to access user data instead of using an API Key. More on using OAuth in HubSpot apps on this page.
If your integration uses API keys or used the HubSpot Canvas for authentication, the following is meant to help you convert your app to our OAuth system.