Authentication methods on HubSpot

HubSpot's APIs allow two means of authentication: OAuth and API keys. While most endpoints support both methods (unless the documentation for a specific endpoint notes otherwise), it's recommended that you use OAuth, or your app's access token, if you're making a request using a private app. API keys are good for rapid prototyping or integrations designed for single-account use, but any integration designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol. 

Examples:

The following cURL requests to this endpoint demonstrate the different authorization methods you can use:

OAuth 2.0, which uses an access token in the Authorization header:
Shell script
/~curl --header "Authorization: Bearer C4d***sVq" 
https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false
Private app access token:
Shell script
/~curl --header "Authorization: Bearer ***-***-*********-****-****-****-************" 
https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false
API key, which is added to the URL using the hapikey= query parameter:
Shell script
/~curl 'https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false&hapikey=456***cfa'

Ready to authenticate your integration? Get started by creating a developer account. From there, you can build an app and authenticate it using OAuth, get your developer account API key, or create a test account (which has its own API key).


Related docs

Working with OAuth

OAuth Quickstart Guide

Private Apps