30.08.2022

Websites & Portals

What does HubSpot sunsetting API keys mean for you?

4 min read

Rowan

Remember, remember, the 30th of November. It’s the deadline for using HubSpot API keys — after the 30th, businesses will need a different solution for authenticating and authorising apps and custom integrations.

As a part of HubSpot’s continuous efforts to boost cybersecurity and protect customer data, HubSpot is phasing out API keys. We explore what all this means for non-technical readers. But first, here’s a summary of who this affects and how organisations can adapt to this change:

HubSpot is removing API keys — who does this impact?

Any HubSpot account utilising custom integrations might be affected by this change. This is because API keys are in common usage as there are only a few methods used to authenticate HubSpot apps and custom integrations, and API keys are the quickest and easiest to set up of the available methods. 

For this reason, anyone using custom integrations should review how it’s built and make appropriate adjustments. 

What do I need to do?

Once API keys are phased out, HubSpot will no longer authenticate custom integrations or apps that still use API keys. This means that these apps and integrations will no longer be able to communicate with HubSpot and will likely stop working as intended. 

Preventing this requires migrating integrations from API key authentication to either HubSpot Private Apps or HubSpot Public Apps using OAuth 2.0. For peace of mind and a seamless migration process, consider contacting the experts

When is the deadline?

Starting November 30, 2022, all customers will no longer have access to API keys or API key-based authentication.

Phew, now that we’ve gotten the nitty-gritty details, we can focus on explaining key terms and concepts, like what an API is and why we may need keys for them.

What are HubSpot API keys?

For the non-developers in the room, Application Programming Interfaces (APIs) provide a way for two or more different computer programs to speak to each other. Along with defining how pieces of software interact with each other, APIs control requests made between programs, how those requests are made, and the data formats used. This is such a necessary function that you could say the entire internet is stitched together using APIs. 

HubSpot’s API enables developers to build custom integrations and apps that help you get the most value out of HubSpot. This is a powerful feature but if bad actors were to gain access to your HubSpot account’s API, then they could retrieve and interact with sensitive business and customer data. 

HubSpot API keys improve account security by identifying and authorising projects and applications and limiting API access to those with an API key. So if a developer has the secret code (HubSpot API key), then they can send requests to the HubSpot API. But if you don’t have the secret code, then you’re locked out of the castle with no way of getting in. 

The downside to using API keys is that they function like passwords. If a hacker were to get their hands on your API key, then they might exploit it to access data like personal information. Keeping your API key safe requires vigilance from every person with access to it. As a recent CloudSek study shows, data leaks are bound to occur when having faith in people is a crucial feature of your cybersecurity strategy. The digital risk company discovered that the data of over 1.6 million users has been compromised through sloppily handled HubSpot API keys. 

Better security through Private and Public HubSpot Apps 

Unlike API keys, where all HubSpot integrations share the same secret code, Private and Public Apps enable you to set up separate and distinct access tokens for each integration. While the code still needs to be kept secret, access tokens can be customised to have different levels of API access, giving you greater control over how users access business processes and data. 

It’s the difference between giving all users super admin access — as is the case with API keys — and selecting user privileges and permissions based on the integration — as enabled by Private and Public Apps. 

While they have similar functions, Private Apps are designed for single HubSpot accounts. Conversely, Public Apps are intended for use by multiple HubSpot accounts. 

Don’t let the sun go down on you

Businesses using custom integrations have until November 30, 2022, to ensure they aren’t impacted by HubSpot sunsetting API keys. If you’re in this position, then you have two options. You can replace all API keys with Private or Public App tokens yourself, or you can hire a HubSpot Solutions Partner to do it for you.

At Huble, our Software Integrations and Development Team specialise in helping organisations maximise value from the HubSpot system. Along with building custom integrations, we offer support connecting tools and bespoke solutions. This includes helping businesses migrate from  API keys to Private or Public Apps. 

If you need support moving away from API keys, then contact us. We’ll come up with a foolproof plan that eliminates the risk of business disruption.

Latest Insights

Marketing & Creative

8 min read

Marketing in 2025: the future of AI in Marketing

Explore how AI will transform the daily workflow of marketers of the future: from AI-driven insights to content creation, crisis management, and more!

Read more

HubSpot Implementations

13 min read

HubSpot CDP: the future of unified customer data

Unlock the potential of a HubSpot CDP. Discover how to unify customer data for enhanced insights and personalised marketing strategies.

Read more

HubSpot Implementations

12 min read

8 key steps for a successful HubSpot change management strategy

Explore essential steps of HubSpot change management for CRM migration, ensuring a transition that minimises disruption and drives user adoption.

Read more

HubSpot Implementations

10 min read

How to choose a HubSpot partner in Belgium

Explore the key takeaways from DMEXCO 2024, including the importance of customer retention, AI-driven personalisation, and ethical considerations.

Read more

Marketing & Creative

9 min read

8 key lessons from DMEXCO 2024 for Digital Marketers

Explore the key takeaways from DMEXCO 2024, including the importance of customer retention, AI-driven personalisation, and ethical considerations.

Read more

HubSpot Implementations

12 min read

How sales teams can benefit from HubSpot Sales Hub AI tools

Explore the key takeaways from DMEXCO 2024, including the importance of customer retention, AI-driven personalisation, and ethical considerations.

Read more

Marketing & Growth

14 min read

Top 6 HubSpot Product Updates From INBOUND 2024

This article will explore the major product updates unveiled at INBOUND 2024, why they are critical, and how they can help you grow your business.

Read more

Marketing & Creative

11 min read

HubSpot Breeze AI: a deep dive for HubSpot users

Key features of Breeze AI, and how its various tools, including Breeze Copilot and Breeze Agents, are set to transform the way businesses operate.

Read more

Marketing & Creative

10 min read

HubSpot Breeze Intelligence: data enrichment & intent data at scale

How HubSpot Breeze Intelligence addresses personalization in B2B marketing by integrating advanced data enrichment and buyer intent features into HubSpot.

Read more

Marketing & Creative

6 min read

Third-party cookies: Google's delay and the impact on advertising

Find out more about Google's decision to delay the removal of third-party cookies and what it means for the future of the digital advertising industry.

Read more