Authentication methods on HubSpot
HubSpot's APIs allow two means of authentication: OAuth and API keys. While most endpoints support both methods (unless the documentation for a specific endpoint notes otherwise), it's recommended that you use OAuth, or your app's access token, if you're making a request using a private app. API keys are good for rapid prototyping or integrations designed for single-account use, but any integration designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol.
The following cURL requests to this endpoint demonstrate the different authorization methods you can use:
OAuth 2.0, which uses an access token in the Authorization header:
/~curl --header "Authorization: Bearer C4d***sVq" https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false
Private app access token:
/~curl --header "Authorization: Bearer ***-***-*********-****-****-****-************" https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false
API key, which is added to the URL using the
hapikey= query parameter:
Ready to authenticate your integration? Get started by creating a developer account. From there, you can build an app and authenticate it using OAuth, get your developer account API key, or create a test account (which has its own API key).