- In your HubSpot account, click the settings icon in the main navigation bar.
- In the left sidebar menu, navigate to Integrations > Private Apps.
- Click Create private app.
- On the Basic Info tab, configure the details of your app:
- Enter your app's name.
- Hover over the placeholder logo and click the upload icon to upload a square image that will serve as the logo for your app.
- Enter a description for your app.
- Click the Scopes tab.
- Select the Read or Write checkbox for each scope you want your private app to be able to access. You can also search for a specific scope using the Find a scope search bar.
- After you're done configuring your app, click Create app in the top right.
- In the dialog box, review the info about your app's access token, then click Continue creating.
Once you've created your app, you can start making API calls using the app's access token. If you need to edit your app's info or change its scopes, click Edit details.
To start making API calls, navigate to the details page of your app.
- On the Access token card, click Show token to reveal your access token. Click Copy to copy the token to your clipboard.
- You can then paste the access token to provide it to your developers, or use it yourself as you develop your app. When making a call to one of the HubSpot API endpoints, set the value of the Authorization field to Bearer [YOUR_TOKEN]. For example, if you're making a call to the Contacts API using Node.js and axios, the request would look like the following:
If you access token is lost or otherwise compromised, you can rotate the token. A new access token will be created and the original access token will expire.
- In your HubSpot account, click the Settings page in the main navigation bar.
- Navigate to Integrations > Private Apps.
- Click the name of your private app.
- Next to your access token, click Rotate:
- If your token is compromised and you want to immediately revoke access, click Rotate and expire now.
- If there's no imminent threat to your token, it's still recommended that you rotate your token every six months. If you're ready to initiate a regular rotation of your token, click Rotate and expire later, which will trigger an expiration of the token in 7 days.
- If your app is ready to transition earlier, you can click Expire now.
- If you decide you need more time, you can click Cancel rotation, which will cancel the expiration of the original token and revoke the new access token.
To review the API calls your app has made in the past 30 days:
- On the details page of your app, click the Logs tab.
- Review and filter your private app API calls:
- Click the Method and Response dropdown menus to filter your historical API calls by request method or response code.
- Click the start date or end date dropdown menus to narrow your call logs to a specific time range.
- You can also search for specific calls by URL in the Search by request URL search box.
- To export the API call logs, click Export logs (CSV).
- In the pop-up box, select the date range of API calls you want to export and click Export. You will receive an email with a download link when the export is ready.