Authentication methods on HubSpot

HubSpot's APIs allow two means of authentication: OAuth and API keys. While most endpoints support both methods (unless the documentation for a specific endpoint says otherwise), OAuth is generally recommended. API keys are good for rapid prototyping or integrations designed for single-account use, but any integration designed for multi-customer use or listing on the App Marketplace must be built as an app using HubSpot’s OAuth protocol. 

Examples:

Here are two almost identical cURL requests to this endpoint. The only difference is the authentication method.

OAuth 2.0, which uses an access token in the Authorization header:
Shell script
/~curl --header "Authorization: Bearer C4d***sVq" 
https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false
API key, which is added to the URL using the hapikey= query parameter:
Shell script
/~curl 'https://api.hubapi.com/crm/v3/objects/contacts?limit=10&archived=false&hapikey=456***cfa'

Ready to authenticate your integration? Get started by creating a developer account. From there, you can build an app and authenticate it using OAuth, get your developer account API key, or create a test account (which has its own API key).


Related docs

Working with OAuth

OAuth Quickstart Guide