As a result of this change, integrations will instead be required to work with Private Apps. Private Apps offer tighter security and allow more granular control over your integrations and account data than legacy API keys.
What this means for developers:
With the introduction of Private Apps, users who previously developed on HubSpot and utilized API Keys will now be required to migrate existing integrations from using API Key authentication to using Private Apps instead. Instructions for how to migrate existing integrations can be found here.
Why the Change?
Private Apps allow you to set up a separate static access token for each integration. Private App access tokens are also scoped like OAuth access tokens, so you can control the access that each integration has to your HubSpot account.
Private Apps work much the same as API key integrations do, with the main change being that they use a static access token in the Authorization HTTP header, instead of using the API key in a query parameter to authorize the API request. No other changes should be required of your integration aside from updating the authentication method.
If your integration is intended to be used by multiple HubSpot accounts, you must update your integration to be a Public App using OAuth 2.0. Private Apps cannot be used for multi-account apps. OAuth 2.0 provides the same security features as Private Apps, but provides a much better experience for HubSpot users, allowing them to quickly connect their HubSpot account to your app without additional code.
When is this change happening?
After November 30, we will begin the process of deprecating API Keys and your API keys will no longer be supported by HubSpot. You will therefore be using API keys at your own risk.
As of July 15, 2022, we no longer allowed new API keys to be created. Existing API keys will work until November 30th, but accounts which did not have an API key, as of July 15, 2022, will not have access to create a new API key.
Developer Account API Keys, for configuring public apps, will still be available for use in Developer Accounts after November 30, 2022 and will not be affected by the API Key Sunset.
The migration guide linked above will remain your source of truth for information and questions regarding the API key sunset. If you have a question which hasn't been answered, reach out to Customer Support.
I see lots of non-developers on this thread. It would have been nice to have some more plain language explanation for those of us non-developers who keep getting sent warning messages. There is a question above which has not been answered yet - does this affect the Forms API?
But it is not the APIs themselves that you should look into but the authentication method to make request to the APIs
There is 3 authentication method to access HubSpot APIs
- oAuth (or public app such as those you can find in the HubSpot app marketplace ) - private app - API keys (this one is getting deprecated)
So, if you want to know if you are affected by this deprecation, go to: Settings > integrations > API key > call logs
If you see recent logs in the table you need to find what program is doing the requests you see in the log and migrate those call to a public app or private app (private app is most likely the best solution)
All of the documentation I have reviewed regarding the required migration to Private Apps seems to refer to version V3 of the API. Many of my API calls are still using V1 or V2. Can I leave these V1 and V2 calls alone (except for needed changes to use the Private App security approach), or must I simultaneously migrate these calls from V1 and V2 to V3? If possible I'd rather not change both security and API versions both at once.
Hey, @KSM👋 It sounds like you have a couple of related questions.
I will answer them below:
Q1 — Are you asking if you can continue to use v1 and v2 endpoints after the sunset? If so, unless explicitly flagged any v1/v2/Legacy endpoints are stable and supported unless marked for depreciation.
Q2 — Aside from updating your Authorization method, from HAPI key to Private Apps, you can use the same endpoints. Unless there is a compelling reason to switch from v1/Legacy endpoint to a newer version, there is not an immediate need.
Please reach out to me if you require any additional details or if I can clarify things.
I noticed the post says "users who previously developed on HubSpot... will now be required to migrate..." Does this change only affect those who utilize HubSpot CMS? I'm not a developer, so I'm trying to figure out how this might affect my company.
I'm not a developer, so I don't know how this sunset will affect my HubSpot account connections. I do not have any specialized apps that were built for my company. I connect to Zapier and apps from the Marketplace like DocuSign and Stripe. Will these connections be affected?
I'm not a developer, so I don't know if/how this will affect my company. I connect HubSpot to Zapier and apps that are in HubSpot Marketplace like DocuSign and Stripe. I don't have any custom integrations built on the HubSpot developer side. Just what's already out there in the Marketplace. Does the sunset mean I will not be able to connect to these other apps? If so, since HubSpot is mandating this change, I'm assuming HubSpot will also provide the technical assistance I need to make the necessary changes.
I tried to call the 1-888-482-7768 to speak to a human, but none were available. Any insight would be quite helpful to this non-developer customer.
Hello HubSpot Developers! We really appreciate your feedback on this. We’ll be partnering with you to make the migration to private apps as smooth as we can in order to help HubSpot remain the most trusted and secure CRM.
While we cannot change the timeline required to move your API keys to private apps, we’ll be creating additional resources dedicated to helping ease the transition. First, we’ll be fleshing out our migration guide, and providing more resources to help walk you through the steps involved. We will update this thread as these resources become available.
Again, thank you for your candid feedback on this announcement and rollout - we’re looking forward to working alongside you to help secure your customer data for the long term.