Sunset: Basic Authentication with Webhooks will be sunset March 1st

Community Manager

What’s happening?


In an effort to enforce the highest security standards,  basic authentication is being removed from webhooks. There’s a new, more secure way to help you verify your webhook requests coming from HubSpot. This is done with request signatures. Using request signatures, HubSpot will populate the webhook with an X-HubSpot-Signature header with a SHA-256 hash of the concatenation of the app-secret for your application and the request body.


More information on request signatures can be found here.

What’s changing?


When selecting to “use authentication” with a HubSpot webhook, the option for basic authentication will no longer be available. All users will need to use “request signatures” for webhook authentication.


When is this happening?


Basic authentication will be removed from HubSpot webhooks on March, 1, 2019.


Join the conversation, below!

0 Replies

No replies on this post just yet

No one has replied to this post quite yet. Check back soon to see if someone has a solution, or submit your own reply if you know how to help! Karma is real.

Reply to post

Need help replying? Check out our Community Guidelines