Reminder: As of August 9th, the demo API key will only be allowed to make GET requests. Please see the announcement for more details.

Validating requests from HubSpot

To ensure that the requests that your integration is receiving from HubSpot are actually coming from HubSpot, we populate two headers: X-HubSpot-Signature and X-HubSpot-Signature-Version.

The X-HubSpot-Signature header will contain the signature that will need to be verified. The method used to verify the signature will depend on the version of the signature.

The X-HubSpot-Signature-Version header will contain a version number, i.e. v2, that will indicate which method should be used to verify the signature included in X-HubSpot-Signature.

See the documentation pages below for details on verifying the different versions of the signature.

Validating the v1 request signature
Validating the v2 request signature