Jun 1, 2022 12:44 PM - edited Oct 18, 2022 11:10 AM
API Keys have been one of three authentication methods supported by HubSpot APIs. However, as part of ongoing efforts to protect our customer's data, we will be sunsetting API Keys.
As a result of this change, integrations will instead be required to work with Private Apps. Private Apps offer tighter security and allow more granular control over your integrations and account data than legacy API keys.
With the introduction of Private Apps, users who previously developed on HubSpot and utilized API Keys will now be required to migrate existing integrations from using API Key authentication to using Private Apps instead. Instructions for how to migrate existing integrations can be found here.
Private Apps allow you to set up a separate static access token for each integration. Private App access tokens are also scoped like OAuth access tokens, so you can control the access that each integration has to your HubSpot account.
Private Apps work much the same as API key integrations do, with the main change being that they use a static access token in the Authorization HTTP header, instead of using the API key in a query parameter to authorize the API request. No other changes should be required of your integration aside from updating the authentication method.
If your integration is intended to be used by multiple HubSpot accounts, you must update your integration to be a Public App using OAuth 2.0. Private Apps cannot be used for multi-account apps. OAuth 2.0 provides the same security features as Private Apps, but provides a much better experience for HubSpot users, allowing them to quickly connect their HubSpot account to your app without additional code.
After November 30, we will begin the process of deprecating API Keys and your API keys will no longer be supported by HubSpot. You will therefore be using API keys at your own risk.
As of July 15, 2022, we no longer allowed new API keys to be created. Existing API keys will work until November 30th, but accounts which did not have an API key, as of July 15, 2022, will not have access to create a new API key.
In order to begin using Private Apps immediately, please see the documentation for Private Apps.
Developer Account API Keys, for configuring public apps, will still be available for use in Developer Accounts after November 30, 2022 and will not be affected by the API Key Sunset.
The migration guide linked above will remain your source of truth for information and questions regarding the API key sunset. If you have a question which hasn't been answered, reach out to Customer Support.
Updated October 18
Nov 17, 2022 7:33 PM
I see lots of non-developers on this thread. It would have been nice to have some more plain language explanation for those of us non-developers who keep getting sent warning messages. There is a question above which has not been answered yet - does this affect the Forms API?
Nov 17, 2022 7:49 PM
Nov 17, 2022 7:42 PM
Hey Vivre, I've got you right here:
Here, we got you! https://deckerdevs.com/blogs/hubspot-api-integrations-faqs-sunsetting-api-keys-for-private-apps
Nov 16, 2022 5:30 PM
Nov 16, 2022 3:01 PM
All of the documentation I have reviewed regarding the required migration to Private Apps seems to refer to version V3 of the API. Many of my API calls are still using V1 or V2. Can I leave these V1 and V2 calls alone (except for needed changes to use the Private App security approach), or must I simultaneously migrate these calls from V1 and V2 to V3? If possible I'd rather not change both security and API versions both at once.
Nov 16, 2022 5:26 PM
Hey, @KSM 👋 It sounds like you have a couple of related questions.
I will answer them below:
Please reach out to me if you require any additional details or if I can clarify things.
Have fun building! —Jaycee
Nov 16, 2022 3:06 PM
Nov 15, 2022 12:14 PM
Hello! Can you please confirm if this change will affect any of the App integrations (TypeForm, Databox, etc) that Hubspot has? I'm not very clear if we need to do any change on that end. Thanks!
Nov 15, 2022 2:51 PM
No you don't need to worry about those integrations. They all use OAuth, not the HAPI Key. Only the HAPI Key is being discontinued.
Oct 31, 2022 5:23 PM
We are using Form Api Submit data for a form | Forms API (hubspot.com) , Will it be impacted by the changes?
Sep 28, 2022 8:54 AM - edited Sep 28, 2022 8:54 AM
will any of the following installed plugins might be affected by the update?
Sep 21, 2022 3:28 PM
Hello everyone, we have conected our website and Facebook ads to Hubspot to search and follow leads, are this changes affecting those kind of proccess?
Sep 21, 2022 3:42 PM
Hi @aguzman10 no, you're all good with Facebook ads if you're using the HubSpot tool. If there were a change it would be posted specifically about the corresponding tool.
What do you mean "website ads" - are you referring to Google and is it via the built-in tool, or did you have a custom integration built?
Aug 29, 2022 11:10 AM
I noticed the post says "users who previously developed on HubSpot... will now be required to migrate..." Does this change only affect those who utilize HubSpot CMS? I'm not a developer, so I'm trying to figure out how this might affect my company.
Aug 29, 2022 11:12 AM
Hi @JackHoch have you worked with developer or agency to create an integration with HubSpot for your CRM, website, etc. that would use an API to connect data from another source?
Jul 29, 2022 10:21 AM
Adding a link to a YouTube video we added showing how to use private app authentication with a custom coded action and also with Postman. Hope this helps!
Jul 28, 2022 2:05 PM
I'm not a developer, so I don't know how this sunset will affect my HubSpot account connections. I do not have any specialized apps that were built for my company. I connect to Zapier and apps from the Marketplace like DocuSign and Stripe. Will these connections be affected?
Jul 28, 2022 3:45 PM
Nope. This will only affect apps that use the HAPI Key.
Jul 28, 2022 1:46 PM
I'm not a developer, so I don't know if/how this will affect my company. I connect HubSpot to Zapier and apps that are in HubSpot Marketplace like DocuSign and Stripe. I don't have any custom integrations built on the HubSpot developer side. Just what's already out there in the Marketplace. Does the sunset mean I will not be able to connect to these other apps? If so, since HubSpot is mandating this change, I'm assuming HubSpot will also provide the technical assistance I need to make the necessary changes.
I tried to call the 1-888-482-7768 to speak to a human, but none were available. Any insight would be quite helpful to this non-developer customer.
Jun 14, 2022 10:45 AM
Hello HubSpot Developers! We really appreciate your feedback on this. We’ll be partnering with you to make the migration to private apps as smooth as we can in order to help HubSpot remain the most trusted and secure CRM.
While we cannot change the timeline required to move your API keys to private apps, we’ll be creating additional resources dedicated to helping ease the transition. First, we’ll be fleshing out our migration guide, and providing more resources to help walk you through the steps involved. We will update this thread as these resources become available.
Again, thank you for your candid feedback on this announcement and rollout - we’re looking forward to working alongside you to help secure your customer data for the long term.