Authentication methods on HubSpot

HubSpot's APIs allow two means of authentication: OAuth and API keys. While most endpoints support both methods (unless the documentation for a specific endpoint notes otherwise), it's recommended that you use OAuth, or your app's access token, if you're making a request using a private app. API keys are good for rapid prototyping or integrations designed for single-account use, but any integration designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol. 


The following cURL requests to this endpoint demonstrate the different authorization methods you can use:

OAuth 2.0, which uses an access token in the Authorization header:
Shell script
/~curl --header "Authorization: Bearer C4d***sVq"
Private app access token:
Shell script
/~curl --header "Authorization: Bearer ***-***-*********-****-****-****-************"
API key, which is added to the URL using the hapikey= query parameter:
Shell script
/~curl '***cfa'

Ready to authenticate your integration? Get started by creating a developer account. From there, you can build an app and authenticate it using OAuth, get your developer account API key, or create a test account (which has its own API key).

Related docs

Working with OAuth

OAuth Quickstart Guide

Private Apps