Authentication methods on HubSpot
HubSpot's APIs allow two means of authentication: OAuth and API keys. While most endpoints support both methods (unless the documentation for a specific endpoint says otherwise), OAuth is generally recommended. API keys are good for rapid prototyping or integrations designed for single-account use, but any integration designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol.
Here are two almost identical cURL requests to this endpoint. The only difference is the authentication method.
OAuth 2.0, which uses an access token in the Authorization header:
/~curl --header "Authorization: Bearer C4d***sVq" https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false
API key, which is added to the URL using the
hapikey= query parameter: