Authentication Overview

HubSpot's APIs allow for two means of authentication, OAuth and API keys.  API keys are great for rapid prototyping, but for security and commercial use, all integrations designed to be used by multiple HubSpot customers should use OAuth - this is required for becoming a featured integration.

Unless otherwise mentioned in the documentation for a specific endpoint, all endpoints support both OAuth and API keys. Below are examples of making the same request (using cURL), with different types of authentication. Aside from the authentication used, the requests are identical and would return the same results.

In each example, the request is being made to this endpoint (documented here):

GET https://api.hubapi.com/contacts/v1/lists/all/contacts/all

Using OAuth 2.0, which uses the Authorization header:

➜ ~ curl -H "Authorization: Bearer C4dkfOmLBICAwEYjs8DOi1hQIyGQA_AmtaHB75Y24AWDGwKH-UfeG8K97k6CQA7AkH_BwyAB0IZAD8Ca1pV2oh0KY2wsrgtWB_bpeqEsVq" https://api.hubapi.com/contacts/v1/lists/all/contacts/all

Using an API key, which is added to the URL using the hapikey= query parameter:

➜  ~ curl https://api.hubapi.com/contacts/v1/lists/all/contacts/all\?hapikey\=demo

API keys are great for rapid prototyping, but for security and commercial use, all integrations should strive to use OAuth. The best way to get started is by creating a developer accounts.  From this developer account you can spin up test accounts which have their own API keys. You can also create an Application from the developer account to get started with OAuth. 

Once you've created your account and have OAuth credentials, view initiating OAuth and this quickstart guide to get started.

 

Docs for this section or API