Service Keys are now available in public beta as a new authentication option for account-level, system-to-system integrations. This feature is intended to replace legacy private apps and is built on HubSpot’s modern Developer Platform infrastructure.
What's changing
Service Keys introduce a simplified way to create and manage API credentials without building a full app, while maintaining strong security and access controls.
Service Keys are designed specifically for:
- System-to-system integrations
- BI and analytics tools (e.g., Tableau, Power BI)
- Data warehouses
- Internal automation and reporting workflows
As part of this release, Service Keys are replacing functionality legacy private apps served. Service Keys should be used going forward.
Replacement for legacy private apps
Service Keys are intended to replace legacy private apps where:
- OAuth-based authorization is unnecessary
- Webhooks are not required
Service Keys do not support webhooks. If your integration requires webhooks, you must use a project-based app created with the HubSpot CLI, or continue using a legacy private app.
Legacy private apps remain available for now, but customers building new system-to-system integrations should use Service Keys.
Scope and permissions model
Service Keys follow a permission model aligned with existing account access:
- Creating a Service Key requires Developer Tools access
- A key can only be granted scopes the creating user already has
- Each key is limited to the specific scopes selected. Additional scopes can be added as needed
This ensures users cannot escalate privileges beyond their existing permissions.
When a Service Key is created, Integrations continue to function even if the original creator leaves the account. Admins retain access to the Service Key and API access is not tied to an individual employee.
Managing Service Keys
Service Keys can be found at Settings > Integrations > Service Keys or by navigating to Development > Keys > Service Keys from the main sidebar.
Admins can:
- Create keys with descriptive names
- View last-used timestamps and API activity
- Rotate keys with a 7 day grace period
- Rename or delete keys as integrations change
Limitations
Service Keys do not support all app capabilities.
- Webhooks are not supported
- If your integration requires webhooks, use a project-based app or continue using a legacy private app
Learn more about Service Keys and other methods of authentication in the Developer Documentation.
When is it happening?
This feature is available in public beta starting February 10th, 2026.
Questions or comments? Join us in the developer forums.