HubSpot APIs are at the heart of building flexible, data-driven solutions that connect marketing, sales, and customer management tools. Yet for many businesses, unlocking that potential isn’t straightforward.
Without the right technical setup, you risk integration bottlenecks, data mismatches, and missed automation opportunities.
As a business manager, you know that creating unique solutions to distinct problems always pays off in the end.
This is where HubSpot APIs come in. They allow you to build apps to tweak your HubSpot website for the better. For experienced Developers, this is a dream come true. And for you, this is an important part of optimizing your website to convert leads.
At Trio, we’ve spent years helping teams integrate, customize, and scale HubSpot to get measurable performance gains through our staff augmentation and outsourcing hiring models.
Let’s take a look at how HubSpot’s APIs work, when to use them, and what’s changed for 2025 (including OAuth, private app tokens, and updated rate limits).
Are you ready to start your development project?
We have the developers you need to take your development project in the right direction.
Companies are proven to grow their business faster with Trio.
What Is an API?
An application programming interface (API) is a sort of liaison between one software and another. It basically serves as a software intermediary that can communicate protocols in order for different software to work together.
One example of APIs that quite a few people would be familiar with is weather snippets. When you Google the weather, you typically get a widget where you can see the current and upcoming weather for at least a week.
In this instance, Google’s API works with the API of The Weather Channel, otherwise known as IBM’s The Weather Company, to show the weather on a user’s main search page.
APIs require some degree of complexity to offer seemingly simple interactions. However, they are what power many things on your screen.
What Is HubSpot API?
HubSpot APIs serve as a bridge between different pieces of software to help them exchange data efficiently. However, HubSpot’s APIs are built specifically to let you connect your marketing, sales, and service data across platforms, automate internal processes, and build apps directly on top of HubSpot’s ecosystem.
You can find HubSpot apps in the HubSpot App Marketplace.
There are thousands of apps to enhance either the management of your website or the experience of your website visitors.
Using HubSpot apps, you can integrate features into your website that work with your content or marketing strategy, or simply improve the aesthetic of your website.
Some of the most popular HubSpot apps include HubSpot for WordPress, which allows the benefits of HubSpot, like contact management and lead generation, to be gained from your WordPress content management system (CMS).
Another integrative app is Google Ads, which permits marketing managers to see their full return on investment (ROI), cross-network reporting, and more in HubSpot.
In addition to these ready-made solutions, HubSpot’s API platform empowers you to create entirely new integrations or extensions of your own.
Developers can use it to connect CRMs, automate data synchronization, or build advanced reporting tools, all while maintaining HubSpot’s user experience and data security standards.
Since the HubSpot API provides access to almost every major part of the platform, it allows your systems to communicate seamlessly. This flexibility makes it one of the most developer-friendly APIs in the marketing automation space.
In 2025, HubSpot continues to expand its API ecosystem with new endpoints, better rate limits, and deeper integrations, making it easier than ever to embed HubSpot functionality within your workflows.
When To Use the HubSpot API
There are lots of reasons that would prompt you to use the HubSpot API. The examples above, for example, of Google Ads and WordPress, demonstrate some situations where the HubSpot API is helpful.
These examples took advantage of the HubSpot API to build integrations that work with and refine your HubSpot API. In other words, HubSpot APIs have the capacity to bridge systems and ultimately connect them towards a more useful purpose.
But integrations like these are just the beginning. In 2025, businesses use HubSpot’s APIs to automate lead management, sync data between CRMs, and connect marketing tools that weren’t originally designed to work together.
Here are a few common reasons to leverage the HubSpot API:
- Automating repetitive workflows, such as syncing leads from another CRM into HubSpot automatically.
- Creating unified customer profiles by merging data from external sources (like product usage or billing systems).
- Building dashboards or analytics tools that visualize HubSpot data in real time.
- Developing private apps or microservices to handle niche marketing or reporting tasks your team needs.
- Integrating HubSpot with in-house tools, ensuring your data pipeline flows smoothly across departments.
Saying that you can do anything under the sun with the HubSpot API would be perhaps dramatic. That said, developers are able to leverage their technical skills and use the HubSpot APIs to build anything within the realm of software development and the HubSpot platform.
The key is to match the API’s capabilities to your business goals.
If your priority is to reduce manual work, sync data faster, or give your marketing team more reliable insights, HubSpot’s API framework provides the infrastructure to make it happen.
Our experienced HubSpot developers here at Trio can help you move from isolated tools into a cohesive, scalable system, customized for your business needs.
HubSpot API Authentication: OAuth vs Private App Tokens
To connect securely to HubSpot’s APIs, you now have two supported authentication methods: OAuth and Private App Access Tokens.
HubSpot officially retired API Keys in late 2022, so any integration still relying on them should be updated immediately.
Understanding which method to use depends on how your integration operates:
OAuth (For Public or Multi-Account Apps)
OAuth is the standard for apps that need to connect to multiple HubSpot accounts, such as integrations listed in the HubSpot App Marketplace.
With OAuth, your app authenticates on behalf of the user, exchanging temporary authorization codes for secure access tokens.
This process keeps credentials private, ensures compliance with HubSpot’s security policies, and gives users control over which data your integration can access.
How it works (simplified):
- The user installs your app and is redirected to HubSpot’s authorization page.
- They review and approve the requested permissions (called scopes).
- HubSpot sends your app an authorization code.
- Your app exchanges that code for an access token and a refresh token.
- The access token is used in each API request; the refresh token renews it automatically when it expires.
When to use OAuth:
- You’re publishing an app to multiple HubSpot customers.
- You need fine-grained control through scopes.
- You want to follow enterprise-grade security and compliance standards.
Pro tip: Always request only the scopes your app truly needs. Apps asking for excessive access tend to have lower install conversion rates and may fail review for listing.
Private App Access Tokens (For Single-Account or Internal Use)
Private apps are the recommended solution for internal integrations, single HubSpot accounts, or low-maintenance automations.
Creating a private app in HubSpot instantly generates a unique access token. That token replaces older API key functionality and provides the same authenticated access, but with better visibility and revocation options.
To set it up:
- In your HubSpot dashboard, navigate to Settings → Integrations → Private Apps.
- Create a new private app, define its scopes (data types it can access).
- Copy the generated access token and use it in your API request headers as:
Authorization: Bearer YOUR_ACCESS_TOKEN - Store tokens securely in environment variables or a secret manager, never in your codebase or client-side scripts.
When to use Private App Tokens:
- You’re building an internal integration for one HubSpot account.
- You want a simpler authentication flow than OAuth.
- You don’t plan to publish your integration to the App Marketplace.
HubSpot API Rate Limits and Usage
Every HubSpot integration is subject to usage limits designed to protect platform stability. Knowing these constraints and designing around them is essential for scalable systems.
HubSpot enforces rate limits based largely on subscription tier, the presence of any API capacity add-ons, and whether your app is public or private. As of the latest update:
| Account Type / Feature | Burst Limit (per 10s / per sec) | Daily Limit | Comments / Notes |
|---|---|---|---|
| Free & Starter | ~100 requests / 10s | 650,000 requests/day | Good for light internal automations |
| Professional (Private Apps) | 190 requests / 10s | 1,000,000 requests/day | Up from previous limits (500k/day) |
| Enterprise (Private Apps) | 190 requests / 10s | 1,000,000 requests / day | Increased in 2024 |
| Search API (all tiers) | 5 requests / second per token | Shared across endpoints | Up from 4/sec |
If your integration exceeds these limits, HubSpot returns an HTTP ‘429 Too Many Requests‘ error. Always handle rate limiting by implementing exponential backoff and honoring the ‘Retry-After‘ header.
Core API Examples (Practical Use Cases)
HubSpot’s APIs can power everything from simple data syncs to complex automation workflows. Below are some of the most common examples with short code samples to show how each works in practice.
Each example uses HubSpot’s official v3 client libraries, which simplify authentication, handle rate limiting, and keep your code cleaner.
1. Send Information to HubSpot
Daniel Alcanja, Trio CTO, notes that one common usage of the HubSpot API is “to send information outside of the HubSpot platform to the HubSpot platform.”
For example, you might send new contact data from your product or CRM directly into HubSpot:
from hubspot import HubSpot
from hubspot.crm.contacts import SimplePublicObjectInput
api = HubSpot(access_token="YOUR_PRIVATE_APP_TOKEN")
contact_data = SimplePublicObjectInput(properties={
"email": "example@domain.com",
"firstname": "Maria",
"lastname": "Gonzalez",
"company": "Trio Dev"
})
response = api.crm.contacts.basic_api.create(simple_public_object_input=contact_data)
print(response.id)
This creates a contact record in HubSpot automatically, making it perfect for syncing sign-ups, purchases, or lead data from other platforms.
2. Manipulate or Sync Data Between Systems
Imagine if you have some contact data on HubSpot that you want to match with the contacts you have in another system. HubSpot API allows you to “manipulate data” to reach that goal.
For example, you can retrieve contacts, update records, or synchronize fields with external databases:
import { Client } from "@hubspot/api-client";
const hubspot = new Client({ accessToken: process.env.HUBSPOT_TOKEN });
const contactId = "201";
await hubspot.crm.contacts.basicApi.update(contactId, {
properties: { phone: "+1 555-321-7890", jobtitle: "CTO" },
});
This snippet updates an existing contact’s phone number and job title, ensuring HubSpot data always matches your internal systems.
3. Update or Batch Modify Records
Sometimes you’ll need to update multiple records at once, like applying a new lifecycle stage to a set of leads. HubSpot’s batch endpoints make this efficient and limit API calls.
from hubspot.crm.contacts import BatchInputSimplePublicObjectBatchInput
batch_input = BatchInputSimplePublicObjectBatchInput(inputs=[
{"id": "201", "properties": {"lifecyclestage": "customer"}},
{"id": "202", "properties": {"lifecyclestage": "customer"}}
])
api.crm.contacts.batch_api.update(batch_input_simple_public_object_batch_input=batch_input)
Batch updates like this help you stay within rate limits and maintain accurate CRM data across thousands of contacts.
4. Search and Filter Contacts
HubSpot’s Search API lets you query data using filters and pagination. This is great for analytics or large-scale data syncs.
from hubspot.crm.contacts import PublicObjectSearchRequest, Filter, FilterGroup
search_request = PublicObjectSearchRequest(
filter_groups=[FilterGroup(filters=[
Filter(property_name="lifecyclestage", operator="EQ", value="customer")
])],
limit=5
)
results = api.crm.contacts.search_api.do_search(public_object_search_request=search_request)
for contact in results.results:
print(contact.properties.get("email"))
This query returns all contacts with a specific lifecycle stage, showing how easy it is to pull filtered data directly into your applications.
5. Automate HubSpot Data Updates from Events
A more advanced use case involves combining webhooks with HubSpot APIs. For example, updating internal systems when a contact changes.
Your webhook listener can trigger a HubSpot API call to keep systems synchronized in real time.
This pattern is ideal for maintaining data integrity across CRMs, analytics tools, or email platforms.
What Client Libraries Support the HubSpot API?
Both the HubSpot itself and the dedicated community work to build and maintain client libraries to handle basic calls for HubSpot’s API. The libraries are listed below.
| Language | Library (official / community) | Install / command |
|---|---|---|
| Node.js | @hubspot/api-client (official) | npm install @hubspot/api-client |
| Python | hubspot-api-client (official) | pip install hubspot-api-client |
| PHP | hubspot/api-client (official) | composer require hubspot/api-client |
| Ruby | hubspot-api-client (official/community) | gem install hubspot-api-client |
| Java | Community or unofficial | via Maven/Gradle (if available) |
| C# (.NET) | HubSpot.NET (community wrapper) | dotnet add package HubSpot.NET |
Webhooks, Sync, and Data Strategies
While HubSpot’s REST APIs are ideal for reading and writing data on demand, webhooks are what keep your systems synchronized in real time. They notify your app whenever important changes happen inside HubSpot.
How Webhooks Work
A webhook is a simple HTTP POST request that HubSpot sends to your chosen endpoint whenever a subscribed event occurs.
Instead of polling HubSpot’s API every few minutes, webhooks push data instantly, reducing latency, API usage, and infrastructure costs.
For example, when a contact’s lifecycle stage changes, HubSpot can send a webhook event to your app:
{
"eventId": 1045678,
"subscriptionType": "contact.propertyChange",
"propertyName": "lifecyclestage",
"propertyValue": "customer",
"objectId": 24501
}
Your listener endpoint can then react to this event, perhaps by updating a CRM, triggering a Slack notification, or refreshing a dashboard.
When to Use Webhooks vs. Polling
- Use Webhooks when you need real-time synchronization, like notifying your system when new leads are created.
- Use Polling when the API data changes unpredictably, or you only need periodic updates.
For most modern integrations, the best strategy is hybrid:
- Use webhooks for critical events that require immediate action.
- Use periodic API syncs to ensure consistency and catch missed events (e.g., due to downtime or retries).
Webhook Security and Reliability
To protect your app from unauthorized requests, HubSpot webhooks include a signature that you should verify using your app’s secret key. Always validate this signature before processing incoming data.
In addition:
- Implement retries: HubSpot automatically retries failed webhook deliveries up to ten times over a 24-hour period.
- Log events: Keep an event log to track what was received and when.
- Avoid rate spikes: Process webhook events asynchronously using queues (like RabbitMQ, AWS SQS, or Celery).
Designing Reliable Sync Systems
Real-world data synchronization often requires reconciling large datasets or handling partial updates. When building a sync strategy:
- Start from a clean data map: Align HubSpot object IDs (contacts, companies, deals) with your external system’s identifiers.
- Track timestamps: Use the
lastmodifieddateproperty to detect changes efficiently. - Handle deletions: Use webhooks and the Contacts API together to manage contact deletions gracefully.
- Plan recovery: Keep a “catch-up” job that reconciles any records missed by webhooks.
By combining webhooks for immediacy and API syncs for accuracy, you create a system that’s both responsive and resilient.
Common Pitfalls and Best Practices
Working with HubSpot’s APIs can unlock enormous potential for your business, but even experienced developers can make small mistakes that create big problems later on.
Using Outdated Authentication Methods
One of the most frequent mistakes is continuing to use HubSpot API keys, which were deprecated in 2022. All new integrations must now authenticate using OAuth or Private App Access Tokens.
Using legacy API keys might seem convenient, but it puts your integration at risk of sudden failure once those keys are fully disabled. Migrating early is the best way to future-proof your setup.
Ignoring API Rate Limits
Every HubSpot account tier has defined rate limits that prevent overload and maintain platform stability. When these thresholds are exceeded, HubSpot responds with a 429 “Too Many Requests” error.
To avoid disruptions, batch your operations where possible, use efficient pagination, and implement exponential backoff in your retry logic. This ensures your requests are both respectful and resilient.
Confusing Property Names
HubSpot’s internal property names don’t always match the labels you see in the interface. For example, “First Name” is firstname, and “Lifecycle Stage” is lifecyclestage.
Using the wrong identifiers can cause partial updates or silent data loss. Always double-check field names through HubSpot’s property metadata endpoints before writing or updating data.
Forgetting Pagination
HubSpot’s APIs return results in pages, not full datasets.
If you don’t use the limit and after parameters properly, you’ll only process part of your data. Always include pagination logic in your requests to ensure your application retrieves every record efficiently.
This is especially important when dealing with contacts, deals, or companies.
Skipping Webhook Verification
Webhooks are powerful for real-time synchronization, but they can also be risky if left unverified.
HubSpot signs each webhook event, and that signature must be validated against your app’s secret key before processing the data. This step prevents malicious or spoofed requests from triggering actions in your system.
Neglecting Error Logging and Retries
Even stable integrations encounter network interruptions or temporary API throttling.
Without centralized error logging or retry logic, these issues can quietly break data flows. Implement structured logging, monitor your API responses, and apply controlled retry mechanisms so errors are caught and corrected automatically.
Overlooking Data Mapping
When integrating HubSpot with other systems, mismatched identifiers can lead to duplicate records or broken associations.
Establish a clear data mapping strategy that aligns HubSpot object IDs with your external record IDs before syncing data. Doing so ensures data integrity across all connected platforms.
Failing to Plan for Scale
A HubSpot integration that works flawlessly with a few thousand records can struggle when it reaches hundreds of thousands.
Scalability should be built in from the start.
Use asynchronous queues, batch endpoints, and incremental sync processes to ensure your integration performs reliably as your data volume grows.
Subscribe to learn more about Hiring
How To Hire the Right Developer to Work With the HubSpot API
HubSpot APIs are a fairly technical piece of the puzzle regarding building your website. While there is an increased incentive to offer an angle of uniqueness to potential customers visiting your business online, this is not as simple as choosing a cool layout.
True refinement requires seasoned professionals who are trained from the start to do this kind of work. At Trio, the hiring process for HubSpot developers works by hiring highly experienced CMS experts and giving them the tools to hone their skills further for HubSpot’s COS.
For you, the process might be strikingly similar. HubSpot is relatively new on the scene, and to find the developers who are able to work it best, you should have some technical skills yourself.
But don’t worry. Trio is here to help: Learn more about how to hire developers.
Conclusion
APIs in general can enable different software to work together in the name of a more unified, yet distinguished user experience. You might not know it, but you work with APIs every day. From web applications to streaming services, digital connections are a way of life.
HubSpot APIs don’t stray far from this objective. As a content optimization system (COS), HubSpot doesn’t just seek to host content but genuinely optimize your website towards lead generation.
To do this, you need more than just a blog. You need a fully functional piece of software with integrated features and apps to enhance what you can offer both on the external and internal sides of operations.
Of course, those developing with HubSpot APIs should take into account some technical details like client libraries, API usage limits, authentication, app listing requirements, and more.
In conjunction with this, HubSpot developers should be entirely familiar with the procedures and concepts that are integral to HubSpot development.
It’s a good thing that Trio’s job is to look for developers who fit just those parameters. Hire Senior HubSpot developers at Trio now!
FAQs
Does HubSpot still use API keys?
No, HubSpot no longer uses API keys. They were retired in 2022, and all integrations must now use OAuth or Private App Tokens for authentication. Some old keys still work for now.
Which authentication method should I choose for my HubSpot API project?
The authentication method you should choose for your HubSpot API project depends on the account types. You should use OAuth for public or multi-account apps, and Private App Tokens for single-account or internal integrations.
Can I build custom integrations with HubSpot CRM objects?
Yes, you can build custom integrations with HubSpot CRM objects such as contacts, companies, deals, and custom objects to connect data across your systems.
What’s the best way to handle 429 “Too Many Requests” errors?
The best way to handle 429 errors is to pause and retry your requests using the Retry-After header and apply exponential backoff to stay within rate limits.
