Announcing new recommendations for HubSpot API Key handling best practices
In the next few weeks, you may receive an email and in app notification reminding you to rotate your HubSpot API Key. These notifications will appear when your API key has gone several months without rotation.
Why is this happening?
Your account security is a top priority at HubSpot, and helping our developer community follow security best practices is important to us. Since HubSpot API Keys provide unrestricted access to your account, HubSpot recommends rotating them at least every six months to improve account security. To aid in this effort, we’ll be sending reminders, via email and in-app notification, towards the end of that six month period. We’re also creating tools on the API Key generation page to aid in this rotation.
You can learn more about API Keys here. On that page there is information about how to find your API Key (if you have one) and see its Audit Log. In this log you can see how old your key is. This knowledge base article will contain information on how to rotate your key when the time comes.
While it is strongly recommended, it is not required that you rotate your API Key. If you choose not to, nothing will change and your API Key-based integrations will continue to work as normal.
When is this happening?
This new feature will be rolling out over the next few weeks.
If you have any questions or concerns, join in the discussion below.