App Listing and App Certification Requirement Updates for May 2026

We're updating the requirements for listed and certified apps in the HubSpot Marketplace to align with current platform standards and deprecations. These updates ensure that apps stay compatible with HubSpot's evolving platform and APIs, providing customers with a more reliable, secure experience.

Unsupported developer platform + API versioning requirements

HubSpot releases a new version of its developer platform and REST APIs every 6 months (March and September). Each release includes a transition period before previous versions become unsupported. To ensure apps are built on supported, up-to-date platform versions:

• Use of supported versions: Apps must use a currently supported version of HubSpot’s developer platform and APIs (latest version recommended).

• Marketplace listings: New apps built on unsupported platform versions will be rejected from being listed
• Certification & recertification: Apps must be on a supported developer platform and API version at the time of review. A defined remediation window will be provided if updates are required.

Enforcement timeline:

• Starting November 2, 2026:
• Apps must be on a supported developer platform version (v2025.2 or v2026.03).
• Apps using legacy apps or Projects 2023.2 / 2025.1
• will be rejected for new listings
• Apps undergoing certification or recertification will have ~60 days to migrate to a supported version
• Starting March 2027:
• v4 APIs will become unsupported
• Apps undergoing certification or recertification will have ~60 days to migrate

Legacy CRM card deprecation requirements

Legacy CRM cards will be fully deprecated on October 31, 2026. To support this transition:

• Effective immediately, legacy CRM cards are no longer permitted for new app listings, certifications, or recertification submissions.
• If your app currently uses legacy CRM cards, you must migrate to app cards to be eligible.
• All other listed and certified apps must migrate by October 31, 2026.

Uninstall app endpoint usage requirement

For all new app certification submissions and apps undergoing recertification, your app must use the Uninstall App API endpoint: DELETE /appinstalls/v3/external-install

This endpoint requires an active OAuth access token and fully removes your app from a customer's HubSpot account, including all associated features and webhooks. Upon a successful uninstall, super admins in the account will receive an email notification with a link to reinstall the app if needed.

Apps must use OAuth v3 endpoints

Effective immediately, all new app listings, certification submissions, and apps undergoing recertification, must use the new OAuth v3 endpoints.

OAuth v1 endpoints are being deprecated and will be replaced by the latest OAuth API endpoints, which are exposed in date-based versions:

• POST /oauth/2026-03/token - authorization code & refresh token exchange
• POST /oauth/2026-03/token/introspect - token introspection (access & refresh tokens)
• POST /oauth/2026-03/token/revoke - token revocation (refresh tokens)

Token access and storage security questionnaire

For certification and recertification, developers must now complete a security questionnaire*. This questionnaire will ask a series of questions regarding OAuth token access and storage. Key areas covered include: encryption, access controls, and token lifecycle management.

* The questionnaire extends beyond certification and will also be implemented for other programs, such as requesting access to sensitive data scopes.

Testing credentials no longer required for app listing

As of March 31, 2026, testing credentials no longer need to be provided for app listing submissions.

• This reduces partner effort and improves security by eliminating the need to share and store sensitive login information.
• Instead, demo videos or guided walkthroughs demonstrating core user flows, configuration, and permission usage should be provided.

See the updated marketplace listing requirements and certification requirements for more details.

If you have any questions or comments, please join the discussion in our community.