The current implementation allows for one active API key at a time. In order to keep things secure, it is suggested that the key is rotated on a schedule. However, in order to do so, you must deactivate the existing key when creating a new one. This would, in many implementations, create downtime. That is a noted issue here: https://knowledge.hubspot.com/integrations/how-do-i-get-my-hubspot-api-key
"While this may create downtime and require effort, it adds a layer of security by..."
For some implementations, including ours, where this key must be updated across several servers, this is not ideal.
I'd like to see the ability to have at least 2 API keys allowed at a time. This would allow us to create a new API key and roll out the new one without affecting any live integrations. Then once the new API key has been rolled out, we can deactivate the old one.
I found a related idea (https://community.hubspot.com/t5/APIs-Integrations/Multiple-API-Key-needed/m-p/292462) and I'll upvote that and it's related ticket in the approved solution, but I'm not sure it covers the exact same scenario.
Hi all, we've introduced Private Apps as the new and improved alternative to API Keys. When rotating a private app access token, you can choose to expire the original access token at a later time. You can also create multiple private apps in one account and restrict its access to just what the app needs. To learn more, view our Private App documentation.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.