Private apps

Private apps allow you to use HubSpot's APIs to access specific data from your HubSpot account. You can authorize what each private app can request or change in your account, which will generate an access token that's unique to your app. 

You must be a super admin to access private apps in your HubSpot account.

Please note: private apps do not support custom timeline events. Webhook support in private apps is currently in beta.

If you plan on building an app using custom timeline events, you should create a public app instead. Learn more about the differences between private and public apps.

Create a private app

  • In your HubSpot account, click the settings icon in the main navigation bar.
  • In the left sidebar menu, navigate to Integrations > Private Apps.
  • Click Create private app.
  • On the Basic Info tab, configure the details of your app:
    • Enter your app's name.
    • Hover over the placeholder logo and click the upload icon to upload a square image that will serve as the logo for your app.
    • Enter a description for your app.
  • Click the Scopes tab.
  • Select the Read or Write checkbox for each scope you want your private app to be able to access. You can also search for a specific scope using the Find a scope search bar.
  • After you're done configuring your app, click Create app in the top right.

updated-read-write-scope-config-private-apps

  • In the dialog box, review the info about your app's access token, then click Continue creating.

Once you've created your app, you can start making API calls using the app's access token. If you need to edit your app's info or change its scopes, click Edit details.

edit-details-of-private-app

 

Make API calls with your app's access token

To start making API calls, navigate to the details page of your app.

  • On the Access token card, click Show token to reveal your access token. Click Copy to copy the token to your clipboard.

show-private-app-access-token-1

  • You can then paste the access token to provide it to your developers, or use it yourself as you develop your app. When making a call to one of the HubSpot API endpoints, set the value of the Authorization field to Bearer [YOUR_TOKEN]. For example, if you're making a call to the Contacts API using Node.js and axios, the request would look like the following:
axios.get('https://api.hubapi.com/crm/v3/objects/contacts', { headers: { 'Authorization': `Bearer ${YOUR_TOKEN}`, 'Content-Type': 'application/json' } }, (err, data) => { // Handle the API response } );
  • Private app access tokens are implemented on top of OAuth, so you can also make authenticated calls with your access token using one of HubSpot's client libraries. For example, if you're using the Node.js client library, you can instantiate an OAuth client by passing in your app's access token:
const hubspotClient = new hubspot.Client({ accessToken: YOUR_ACCESS_TOKEN });

View private app access token information

To view information about a private app's access token, such as the Hub ID and scopes associated with the token, make a POST request to /oauth/v2/private-apps/get/access-token-info. In the request body, include your access token:

// POST request response body { "tokenKey": {{accessToken}} }

The response will include information about the user who created the token, the Hub ID of the account, the private app ID, and the scopes associated with the token.

// Example response body { userId:123456, hubId:1020304, appId:2011410, scopes:[ "oauth", "crm.schemas.companies.write"] }

Rotate your access token

If you access token is lost or otherwise compromised, you can rotate the token. A new access token will be created and the original access token will expire.

  • In your HubSpot account, click the Settings page in the main navigation bar.
  • Navigate to IntegrationsPrivate Apps.
  • Click the name of your private app.
  • Next to your access token, click Rotate:
    • If your token is compromised and you want to immediately revoke access, click Rotate and expire now.
    • If there's no imminent threat to your token, it's still recommended that you rotate your token every six months. If you're ready to initiate a regular rotation of your token, click Rotate and expire later, which will trigger an expiration of the token in 7 days.
      • If your app is ready to transition earlier, you can click Expire now.
      • If you decide you need more time, you can click Cancel rotation, which will cancel the expiration of the original token and revoke the new access token.

rotate-private-app-access-token

 

View API call logs

To review the API calls your app has made in the past 30 days:

  • On the details page of your app, click the Logs tab.
  • Review and filter your private app API calls:
    • Click the Method and Response dropdown menus to filter your historical API calls by request method or response code.
    • Click the start date or end date dropdown menus to narrow your call logs to a specific time range.
    • You can also search for specific calls by URL in the Search by request URL search box.

review-private-app-call-logs

  • To export the API call logs, click Export logs (CSV). Then, specify a date range (up to the past 30 days) and click Export.
  • In the pop-up box, select the date range of API calls you want to export and click Export. You will receive an email with a download link when the export is ready. 

Private app limits

You can create up to 20 private apps in your HubSpot account. Each private app is subject to HubSpot's API usage guidelines. The number of calls your private app can make is based on your account subscription and whether you've purchased the API add-on:

  Product Tier Per 10 Seconds Per Day
Private Apps

(Any Hub)

Free and Starter

100 / private app 250,000 / account
 

(Any Hub)

Pro and Enterprise

150 / private app 500,000 / account
Private Apps with API Add-on

(Any Hub)

Free, Starter, Professional, and Enterprise

200 / private app 1,000,000 / account

If you have both a Starter and Professional plan, limits for the higher tier (Professional) apply to your account. 

Delete a private app

When you delete one of your private apps, its access token will be permanently revoked and you'll no longer be able to use it to make API calls.

To delete an app:

  • In your HubSpot account, click the settings icon in the main navigation bar.
  • Click the name of your private app.
  • At the bottom of the page, click Delete [name of your app].
  • In the dialog box, type the name of your app to confirm its deletion, then click Delete.