Upcoming: API Key Sunset

Dadams · ‎Jun 1, 2022

What’s changing?

API Keys have been one of three authentication methods supported by HubSpot APIs. However, as part of ongoing efforts to protect our customer's data, we will be sunsetting API Keys.

As a result of this change, integrations will instead be required to work with Private Apps. Private Apps offer tighter security and allow more granular control over your integrations and account data than legacy API keys.

What this means for developers:

With the introduction of Private Apps, users who previously developed on HubSpot and utilized API Keys will now be required to migrate existing integrations from using API Key authentication to using Private Apps instead. Instructions for how to migrate existing integrations can be found here.

Why the Change?

Private Apps allow you to set up a separate static access token for each integration. Private App access tokens are also scoped like OAuth access tokens, so you can control the access that each integration has to your HubSpot account.

Private Apps work much the same as API key integrations do, with the main change being that they use a static access token in the Authorization HTTP header, instead of using the API key in a query parameter to authorize the API request. No other changes should be required of your integration aside from updating the authentication method.

If your integration is intended to be used by multiple HubSpot accounts, you must update your integration to be a Public App using OAuth 2.0. Private Apps cannot be used for multi-account apps. OAuth 2.0 provides the same security features as Private Apps, but provides a much better experience for HubSpot users, allowing them to quickly connect their HubSpot account to your app without additional code.

When is this change happening?

After November 30, we will begin the process of deprecating API Keys and your API keys will no longer be supported by HubSpot. You will therefore be using API keys at your own risk.

As of July 15, 2022, we no longer allowed new API keys to be created. Existing API keys will work until November 30th, but accounts which did not have an API key, as of July 15, 2022, will not have access to create a new API key.

In order to begin using Private Apps immediately, please see the documentation for Private Apps.

Developer Account API Keys, for configuring public apps, will still be available for use in Developer Accounts after November 30, 2022 and will not be affected by the API Key Sunset.

The migration guide linked above will remain your source of truth for information and questions regarding the API key sunset. If you have a question which hasn't been answered, reach out to Customer Support.

Updated October 18

Vivre · ‎Nov 17, 2022

I see lots of non-developers on this thread. It would have been nice to have some more plain language explanation for those of us non-developers who keep getting sent warning messages. There is a question above which has not been answered yet - does this affect the Forms API?

louischausse · ‎Nov 17, 2022

This affects all APIs

But it is not the APIs themselves that you should look into but the
authentication method to make request to the APIs

There is 3 authentication method to access HubSpot APIs

- oAuth (or public app such as those you can find in the HubSpot app
marketplace )
- private app
- API keys (this one is getting deprecated)

So, if you want to know if you are affected by this deprecation, go to:
Settings > integrations > API key > call logs

If you see recent logs in the table you need to find what program is doing
the requests you see in the log and migrate those call to a public app or
private app (private app is most likely the best solution)

Do not hesitate should you have any questions

Louis Chaussé from Auxilio HubSpot Solutions Partner Signature

Louis Chaussé from Auxilio HubSpot Solutions Partner Meeting link

nickdeckerdevs1 · ‎Nov 17, 2022

Hey Vivre, I've got you right here:

Here, we got you! https://deckerdevs.com/blogs/hubspot-api-integrations-faqs-sunsetting-api-keys-for-private-apps

Plain english

Jaycee_Lewis · ‎Nov 16, 2022

Hey, community! Here is a guide on migrating away from your API key with examples including Postman and custom coded actions:

Best,

Jaycee

Join us on March 27th at 12 PM for the Digital Essentials Lab, an interactive session designed to redefine your digital strategy!
Engage with expert Jourdan Guyton to gain actionable insights, participate in live Q&A, and learn strategies to boost your business success.
Don't miss this opportunity to connect and grow—reserve your spot today!

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !

KSM · ‎Nov 16, 2022

All of the documentation I have reviewed regarding the required migration to Private Apps seems to refer to version V3 of the API. Many of my API calls are still using V1 or V2. Can I leave these V1 and V2 calls alone (except for needed changes to use the Private App security approach), or must I simultaneously migrate these calls from V1 and V2 to V3? If possible I'd rather not change both security and API versions both at once.

Jaycee_Lewis · ‎Nov 16, 2022

Hey, @KSM 👋 It sounds like you have a couple of related questions.

I will answer them below:

Q1 — Are you asking if you can continue to use v1 and v2 endpoints after the sunset? If so, unless explicitly flagged any v1/v2/Legacy endpoints are stable and supported unless marked for depreciation.
Q2 — Aside from updating your Authorization method, from HAPI key to Private Apps, you can use the same endpoints. Unless there is a compelling reason to switch from v1/Legacy endpoint to a newer version, there is not an immediate need.

Please reach out to me if you require any additional details or if I can clarify things.

Have fun building! —Jaycee

Join us on March 27th at 12 PM for the Digital Essentials Lab, an interactive session designed to redefine your digital strategy!
Engage with expert Jourdan Guyton to gain actionable insights, participate in live Q&A, and learn strategies to boost your business success.
Don't miss this opportunity to connect and grow—reserve your spot today!

Did you know that the Community is available in other languages?
Join regional conversations by changing your language settings !

nickdeckerdevs1 · ‎Nov 16, 2022

No, you cannot -- there will be no API KEYS -- they will no longer work

AVillegas0 · ‎Nov 15, 2022

Hello! Can you please confirm if this change will affect any of the App integrations (TypeForm, Databox, etc) that Hubspot has? I'm not very clear if we need to do any change on that end. Thanks!

gillytech · ‎Nov 15, 2022

No you don't need to worry about those integrations. They all use OAuth, not the HAPI Key. Only the HAPI Key is being discontinued.

KZhu8 · ‎Oct 31, 2022

We are using Form Api Submit data for a form | Forms API (hubspot.com) , Will it be impacted by the changes?

PLucas2 · ‎Sep 28, 2022

Hello,

will any of the following installed plugins might be affected by the update?

HubSpot All-In-One Marketing - Forms, Popups, Live Chat
MWB HubSpot for WooCommerce
WPOP Contact Form 7 to Hubspot

aguzman10 · ‎Sep 21, 2022

Hello everyone, we have conected our website and Facebook ads to Hubspot to search and follow leads, are this changes affecting those kind of proccess?

Jnix284 · ‎Sep 21, 2022

Hi @aguzman10 no, you're all good with Facebook ads if you're using the HubSpot tool. If there were a change it would be posted specifically about the corresponding tool.

What do you mean "website ads" - are you referring to Google and is it via the built-in tool, or did you have a custom integration built?

If my reply answered your question please mark it as a solution to make it easier for others to find.

JackHoch · ‎Aug 29, 2022

I noticed the post says "users who previously developed on HubSpot... will now be required to migrate..." Does this change only affect those who utilize HubSpot CMS? I'm not a developer, so I'm trying to figure out how this might affect my company.

Jnix284 · ‎Aug 29, 2022

Hi @JackHoch have you worked with developer or agency to create an integration with HubSpot for your CRM, website, etc. that would use an API to connect data from another source?

If my reply answered your question please mark it as a solution to make it easier for others to find.

dennisedson · ‎Jul 29, 2022

Adding a link to a YouTube video we added showing how to use private app authentication with a custom coded action and also with Postman. Hope this helps!

Join us on March 27th at 12 PM for the Digital Essentials Lab, an interactive session designed to redefine your digital strategy!
Engage with expert Jourdan Guyton to gain actionable insights, participate in live Q&A, and learn strategies to boost your business success.
Don't miss this opportunity to connect and grow—reserve your spot today!

JFreeman1 · ‎Jul 28, 2022

I'm not a developer, so I don't know how this sunset will affect my HubSpot account connections. I do not have any specialized apps that were built for my company. I connect to Zapier and apps from the Marketplace like DocuSign and Stripe. Will these connections be affected?

gillytech · ‎Jul 28, 2022

Nope. This will only affect apps that use the HAPI Key.

JFreeman1 · ‎Jul 28, 2022

I'm not a developer, so I don't know if/how this will affect my company. I connect HubSpot to Zapier and apps that are in HubSpot Marketplace like DocuSign and Stripe. I don't have any custom integrations built on the HubSpot developer side. Just what's already out there in the Marketplace. Does the sunset mean I will not be able to connect to these other apps? If so, since HubSpot is mandating this change, I'm assuming HubSpot will also provide the technical assistance I need to make the necessary changes.

I tried to call the 1-888-482-7768 to speak to a human, but none were available. Any insight would be quite helpful to this non-developer customer.

dennisedson · ‎Jun 14, 2022

Hello HubSpot Developers! We really appreciate your feedback on this. We’ll be partnering with you to make the migration to private apps as smooth as we can in order to help HubSpot remain the most trusted and secure CRM.

While we cannot change the timeline required to move your API keys to private apps, we’ll be creating additional resources dedicated to helping ease the transition. First, we’ll be fleshing out our migration guide, and providing more resources to help walk you through the steps involved. We will update this thread as these resources become available.

Again, thank you for your candid feedback on this announcement and rollout - we’re looking forward to working alongside you to help secure your customer data for the long term.

Join us on March 27th at 12 PM for the Digital Essentials Lab, an interactive session designed to redefine your digital strategy!
Engage with expert Jourdan Guyton to gain actionable insights, participate in live Q&A, and learn strategies to boost your business success.
Don't miss this opportunity to connect and grow—reserve your spot today!

Developer Announcements