It’s time for HubSpot API key rotation – don’t get shocked if you receive an API key email or message from HubSpot. HubSpot users receive it every six months. If you already know what API keys are, you can skip the next couple of paragraphs and go straight to the heading “API keys don’t get invalidated unless withdrawn” where we talk about HubSpot API Keys.
What are API Keys?
API stands for Application Programming Interface. An API key is also known as a code or a secret authentication token or a unique identifier that is used to call a program to a website or two applications. The API key comes with specific user rights that are required for interacting with two applications or services. API Keys are an easy way for two services to communicate.
An API key looks like this: 39HISDHsd9j49tHSDEFJ494393hsidfh49a9dH
As you can see, these are random and kept unique each time. Once the two applications in question or the two services validate the same API key at their ends, the integration or access becomes successful.
Rotate HubSpot API Key
API Keys Don’t Get Invalidated Unless Withdrawn
Regarding withdrawing, HubSpot asks its users to rotate their API keys in the 6-months cycle. It’s for increased security purposes. HubSpot sends emails to notify the users to change their API keys. Those who see such emails sometimes panic because the other software providers usually do this when their security is breached. However, in the case of HubSpot, this is a regular practice. Users have to rotate the API key in HubSpot for security purposes. If you have a HubSpot development agency and HubSpot Partner such as Computan working with you, then you won't face issues HubSpot key rotation because we will take care of it for you.
HubSpot API Keys Give Admin Access of the HubSpot Portal to the User/Tool.
Limiting access to the API keys will allow you to control its admin access. The move will prevent every user/tool from having admin access to the portal. But, when you change the API key, then those users/tools that have limited access won’t be able to access anything.
API key rotations or password changes do happen when an employee leaves the company. It is standard practice. Similarly, HubSpot has made it a regular exercise covering all such scenarios and even those which you don’t anticipate. HubSpot’s doing its job of ringing the bell. Some HubSpot development companies do suggest their clients to rotate their API keys every three months based on their business security requirements.
Here’s How You Rotate and Get API Key in HubSpot
Click on the Settings to open the settings dashboard
On the left sidebar, you will multiple options, Click on Integrations, and when you click on integrations, you will see the following options; API key, Connected apps, Ecommerce Email Integrations, and click on the API Key.
If you are creating the HubSpot API key for the first time, you will have a view like you see below. You will see Create key button, when you click on the button, a dialog box with reCAPTCHA will appear. When you tick that box, you will have your HubSpot API key.
If you have created your HubSpot API key, then instead of Create a key button, you will see the Actions button.
When you click on the Actions button, two options will appear, ‘Rotate Key’ and ‘Deactivate key’. The Deactivate key option deactivates the current HubSpot API key. The Rotate Key option gives you the option to deactivate the current key and re-generate API key.
The following dialog box appears when you click on the Rotate Key button. You must click ‘Rotate and Expire this key now’ to proceed further.
Clicking on the button will generate integrations API key. Once you tick on the reCAPTCHA, you will have your new HubSpot API code key. Share it with your developers and for other integration purposes.
You may experience downtime until you replace the Integrations API code key on all the places. The downtime is worth it because changing the API key is necessary and adds a layer of security to your website.
HubSpot, prioritizing its security, can still be hacked. It does have its loopholes when integrated into unsecured third-party tools or when not following the account security property. We suggest you stay in touch with a HubSpot web development agency such as Computan to keep you secure.
Checkout our detailed edition on security risks with HubSpot websites. Click on the image below.
