30.08.2022

Websites & Portals

What does HubSpot sunsetting API keys mean for you?

4 min read

Rowan

Remember, remember, the 30th of November. It’s the deadline for using HubSpot API keys — after the 30th, businesses will need a different solution for authenticating and authorising apps and custom integrations.

As a part of HubSpot’s continuous efforts to boost cybersecurity and protect customer data, HubSpot is phasing out API keys. We explore what all this means for non-technical readers. But first, here’s a summary of who this affects and how organisations can adapt to this change:

HubSpot is removing API keys — who does this impact?

Any HubSpot account utilising custom integrations might be affected by this change. This is because API keys are in common usage as there are only a few methods used to authenticate HubSpot apps and custom integrations, and API keys are the quickest and easiest to set up of the available methods. 

For this reason, anyone using custom integrations should review how it’s built and make appropriate adjustments. 

What do I need to do?

Once API keys are phased out, HubSpot will no longer authenticate custom integrations or apps that still use API keys. This means that these apps and integrations will no longer be able to communicate with HubSpot and will likely stop working as intended. 

Preventing this requires migrating integrations from API key authentication to either HubSpot Private Apps or HubSpot Public Apps using OAuth 2.0. For peace of mind and a seamless migration process, consider contacting the experts

When is the deadline?

Starting November 30, 2022, all customers will no longer have access to API keys or API key-based authentication.

Phew, now that we’ve gotten the nitty-gritty details, we can focus on explaining key terms and concepts, like what an API is and why we may need keys for them.

What are HubSpot API keys?

For the non-developers in the room, Application Programming Interfaces (APIs) provide a way for two or more different computer programs to speak to each other. Along with defining how pieces of software interact with each other, APIs control requests made between programs, how those requests are made, and the data formats used. This is such a necessary function that you could say the entire internet is stitched together using APIs. 

HubSpot’s API enables developers to build custom integrations and apps that help you get the most value out of HubSpot. This is a powerful feature but if bad actors were to gain access to your HubSpot account’s API, then they could retrieve and interact with sensitive business and customer data. 

HubSpot API keys improve account security by identifying and authorising projects and applications and limiting API access to those with an API key. So if a developer has the secret code (HubSpot API key), then they can send requests to the HubSpot API. But if you don’t have the secret code, then you’re locked out of the castle with no way of getting in. 

The downside to using API keys is that they function like passwords. If a hacker were to get their hands on your API key, then they might exploit it to access data like personal information. Keeping your API key safe requires vigilance from every person with access to it. As a recent CloudSek study shows, data leaks are bound to occur when having faith in people is a crucial feature of your cybersecurity strategy. The digital risk company discovered that the data of over 1.6 million users has been compromised through sloppily handled HubSpot API keys. 

Better security through Private and Public HubSpot Apps 

Unlike API keys, where all HubSpot integrations share the same secret code, Private and Public Apps enable you to set up separate and distinct access tokens for each integration. While the code still needs to be kept secret, access tokens can be customised to have different levels of API access, giving you greater control over how users access business processes and data. 

It’s the difference between giving all users super admin access — as is the case with API keys — and selecting user privileges and permissions based on the integration — as enabled by Private and Public Apps. 

While they have similar functions, Private Apps are designed for single HubSpot accounts. Conversely, Public Apps are intended for use by multiple HubSpot accounts. 

Don’t let the sun go down on you

Businesses using custom integrations have until November 30, 2022, to ensure they aren’t impacted by HubSpot sunsetting API keys. If you’re in this position, then you have two options. You can replace all API keys with Private or Public App tokens yourself, or you can hire a HubSpot Solutions Partner to do it for you.

At Huble, our Software Integrations and Development Team specialise in helping organisations maximise value from the HubSpot system. Along with building custom integrations, we offer support connecting tools and bespoke solutions. This includes helping businesses migrate from  API keys to Private or Public Apps. 

If you need support moving away from API keys, then contact us. We’ll come up with a foolproof plan that eliminates the risk of business disruption.

Latest Insights

Websites & Portals

16 min read

Everything you need to know about HubSpot Content Hub

Learn all about HubSpot's Content Hub, including the key benefits and pricing, what's changing and how Marketers can utilise the platform.

Read more

HubSpot Implementations

14 min read

HubSpot data encryption: protect sensitive data across your business

Learn how HubSpot data encryption and HubSpot data protection safeguard sensitive information, ensure compliance, and keep your business secure.

Read more

Marketing & Creative

30 min read

111 Account-based marketing statistics you need to know in 2025

In this article, we look at 111 account-based marketing statistics that showcase how this strategy has transformed modern marketing.

Read more

Marketing & Creative

18 min read

Digital marketing trends for 2025 and how to leverage them

In this article, we dive deep into the most significant digital marketing trends of 2025 and how you can leverage them for your business.

Read more

Seek Evolution

6 min read

Huble proves HubSpot’s Enterprise Power with British Council

In this article, we reflect on Huble's journey to winning HubSpot's Product Excellence Impact Award for their work with the British Council.

Read more

HubSpot Implementations

13 min read

Can HubSpot be hacked? A guide to HubSpot’s Sensitive Data Tools

How HubSpot’s Sensitive Data Tools help businesses protect sensitive information, ensure compliance, and boost operational efficiency across teams.

Read more

HubSpot Implementations

27 min read

HubSpot security and compliance: best practices and automated tools

Explore how to leverage HubSpot’s security tools and resources to mitigate risks and ensure Security and Compliance in HubSpot.

Read more

Service & CX

11 min read

HubSpot for Healthcare: secure customer service and data protection

Explore how HubSpot helps healthcare organizations balance sensitive data security with efficient customer service.

Read more

Marketing & Creative

12 min read

Marketing funnel vs customer journey: decoding the differences

In this article, we explore the differences between the marketing funnel vs customer journey and how you can leverage them to effectively engage and convert potential customers.

Read more

HubSpot Implementations

5 min read

HubSpot Global Partner of the Year: a letter from our CMO

Explore what winning HubSpot’s Partner of the Year award means for our customers and our dedication to providing world-class HubSpot solutions.

Read more