30.08.2022

Websites & Portals

What does HubSpot sunsetting API keys mean for you?

4 min read

Rowan

Remember, remember, the 30th of November. It’s the deadline for using HubSpot API keys — after the 30th, businesses will need a different solution for authenticating and authorising apps and custom integrations.

As a part of HubSpot’s continuous efforts to boost cybersecurity and protect customer data, HubSpot is phasing out API keys. We explore what all this means for non-technical readers. But first, here’s a summary of who this affects and how organisations can adapt to this change:

HubSpot is removing API keys — who does this impact?

Any HubSpot account utilising custom integrations might be affected by this change. This is because API keys are in common usage as there are only a few methods used to authenticate HubSpot apps and custom integrations, and API keys are the quickest and easiest to set up of the available methods. 

For this reason, anyone using custom integrations should review how it’s built and make appropriate adjustments. 

What do I need to do?

Once API keys are phased out, HubSpot will no longer authenticate custom integrations or apps that still use API keys. This means that these apps and integrations will no longer be able to communicate with HubSpot and will likely stop working as intended. 

Preventing this requires migrating integrations from API key authentication to either HubSpot Private Apps or HubSpot Public Apps using OAuth 2.0. For peace of mind and a seamless migration process, consider contacting the experts

When is the deadline?

Starting November 30, 2022, all customers will no longer have access to API keys or API key-based authentication.

Phew, now that we’ve gotten the nitty-gritty details, we can focus on explaining key terms and concepts, like what an API is and why we may need keys for them.

What are HubSpot API keys?

For the non-developers in the room, Application Programming Interfaces (APIs) provide a way for two or more different computer programs to speak to each other. Along with defining how pieces of software interact with each other, APIs control requests made between programs, how those requests are made, and the data formats used. This is such a necessary function that you could say the entire internet is stitched together using APIs. 

HubSpot’s API enables developers to build custom integrations and apps that help you get the most value out of HubSpot. This is a powerful feature but if bad actors were to gain access to your HubSpot account’s API, then they could retrieve and interact with sensitive business and customer data. 

HubSpot API keys improve account security by identifying and authorising projects and applications and limiting API access to those with an API key. So if a developer has the secret code (HubSpot API key), then they can send requests to the HubSpot API. But if you don’t have the secret code, then you’re locked out of the castle with no way of getting in. 

The downside to using API keys is that they function like passwords. If a hacker were to get their hands on your API key, then they might exploit it to access data like personal information. Keeping your API key safe requires vigilance from every person with access to it. As a recent CloudSek study shows, data leaks are bound to occur when having faith in people is a crucial feature of your cybersecurity strategy. The digital risk company discovered that the data of over 1.6 million users has been compromised through sloppily handled HubSpot API keys. 

Better security through Private and Public HubSpot Apps 

Unlike API keys, where all HubSpot integrations share the same secret code, Private and Public Apps enable you to set up separate and distinct access tokens for each integration. While the code still needs to be kept secret, access tokens can be customised to have different levels of API access, giving you greater control over how users access business processes and data. 

It’s the difference between giving all users super admin access — as is the case with API keys — and selecting user privileges and permissions based on the integration — as enabled by Private and Public Apps. 

While they have similar functions, Private Apps are designed for single HubSpot accounts. Conversely, Public Apps are intended for use by multiple HubSpot accounts. 

Don’t let the sun go down on you

Businesses using custom integrations have until November 30, 2022, to ensure they aren’t impacted by HubSpot sunsetting API keys. If you’re in this position, then you have two options. You can replace all API keys with Private or Public App tokens yourself, or you can hire a HubSpot Solutions Partner to do it for you.

At Huble, our Software Integrations and Development Team specialise in helping organisations maximise value from the HubSpot system. Along with building custom integrations, we offer support connecting tools and bespoke solutions. This includes helping businesses migrate from  API keys to Private or Public Apps. 

If you need support moving away from API keys, then contact us. We’ll come up with a foolproof plan that eliminates the risk of business disruption.

Latest Insights

Marketing & Creative

6 min read

Poor data blocks AI decisions for 69% of companies. Here’s why.

Poor data limits AI success. Discover how businesses can fix their data foundations to unlock AI's full potential and drive smarter decision-making.

Read more

Marketing & Creative

15 min read

Essential HubSpot workflows you should implement in 2025

HubSpot workflows are the perfect way to automate professional processes. We unpack our favourite HubSpot workflows to showcase how useful they are.

Read more

Marketing & Creative

16 min read

How to run your first ABM pilot with HubSpot and Demandbase

In this article, we’ll guide you through the key steps to successfully launch your first ABM pilot using these two powerful platforms.

Read more

Sales & Revenue

17 min read

12 HubSpot Sales Reports you need in 2025

Explore HubSpot Sales Reporting, showcasing 12 powerful, customizable reports designed for sales leaders.

Read more

Marketing & Creative

6 min read

57% of leaders say they're AI-ready, only 8% actually are. Here’s why.

Explore the gap between leadership confidence and AI readiness, revealing why 71% of companies are rushing AI adoption without fixing their data strategy.

Read more

Websites & Portals

16 min read

Everything you need to know about HubSpot Content Hub

Learn all about HubSpot's Content Hub, including the key benefits and pricing, what's changing and how Marketers can utilise the platform.

Read more

HubSpot Implementations

14 min read

HubSpot data encryption: protect sensitive data across your business

Learn how HubSpot data encryption and HubSpot data protection safeguard sensitive information, ensure compliance, and keep your business secure.

Read more

Marketing & Creative

30 min read

111 Account-based marketing statistics you need to know in 2025

In this article, we look at 111 account-based marketing statistics that showcase how this strategy has transformed modern marketing.

Read more

Marketing & Creative

18 min read

Digital marketing trends for 2025 and how to leverage them

In this article, we dive deep into the most significant digital marketing trends of 2025 and how you can leverage them for your business.

Read more

Seek Evolution

6 min read

Huble proves HubSpot’s Enterprise Power with British Council

In this article, we reflect on Huble's journey to winning HubSpot's Product Excellence Impact Award for their work with the British Council.

Read more