Please note: as of November 30, 2022, HubSpot API Keys are being deprecated and are no longer supported. Continued use of HubSpot API Keys is a security risk to your account and data. During this deprecation phase, HubSpot may deactivate your key at any time.

You should instead authenticate using a private app access token or OAuth. Learn more about this change and how to migrate an API key integration to use a private app instead.

Authentication methods on HubSpot

There are two ways to authenticate calls to HubSpot's APIs: OAuth, and private app access tokens. Below, learn more about each method and how to include it in your code for authorization.

If you were previously using an API key to authenticate, learn how to migrate to using a private app access token instead.

Please note: integrations designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol


To make a request using OAuth, include the OAuth access token in the authorization header:

/~curl --header "Authorization: Bearer C4d***sVq"

Private app access tokens

Similar to OAuth, to make a request using a private app access token, include the token in the authorization header:

/~curl --header "Authorization: Bearer ***-***-*********-****-****-****-************"

Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.