HubSpot’s API is a powerful tool for integrating your CRM with external systems like Salesforce, especially when using tools like Postman. If you’re wondering how to generate an API key in HubSpot, there’s a catch: traditional API keys were phased out in November 2022. Today, HubSpot relies on more secure methods like Private Apps and OAuth. In this guide, we’ll explore the old API key process for context, then walk you through the current, recommended approach to authenticate your integrations as of April 4, 2025.

---

The Old Way: Generating a Traditional API Key (No Longer Available)

Before API keys were discontinued, generating one was simple for Super Admins. Here’s how it worked:

1. Log In to HubSpot: Sign in with Super Admin credentials.
2. Navigate to Settings: Click the gear icon in the top navigation bar.
3. Go to Integrations: Select “Integrations” from the left sidebar, then click “API key.”
4. Generate the Key: Click “Generate API key” (or “Show” if one existed), then copy it.
5. Secure It: Share it cautiously—this key granted full account access.

This method is now obsolete. If you try this in 2025, the API key option won’t appear unless you’re managing a legacy integration with an existing key (which requires migration).

---

Why API Keys Were Phased Out

HubSpot sunsetted API keys to bolster security. Unlike their replacements, API keys offered unrestricted access, posing risks if leaked. Modern alternatives—Private Apps and OAuth—let you define specific permissions, reducing exposure and aligning with industry standards.

---

The Modern Way: Using Private Apps to Authenticate

For connecting HubSpot to Salesforce via Postman, Private Apps are the simplest, most secure replacement for API keys. Here’s how to set one up:

Step 1: Create a Private App in HubSpot

1. Log In as a Super Admin: Ensure you have the right permissions.
2. Go to Settings: Click the gear icon.
3. Navigate to Private Apps: Under “Integrations,” select “Private Apps.”
4. Create a Private App: Click “Create a private app.”
5. Configure the App:
   • Basic Info: Name it (e.g., “Salesforce Integration”) and add a description.
   • Scopes: Choose permissions like crm.objects.contacts or crm.objects.deals based on your needs.
6. Generate the Token: Click “Create,” copy the access token, and store it securely—it won’t be shown again.

Step 2: Use the Token in Postman

1. Set Up a Request: Create a request in Postman (e.g., GET https://api.hubapi.com/crm/v3/objects/contacts).
2. Add Authorization: In the “Authorization” tab, select “Bearer Token” and paste your token.
3. Test the Request: Send it. A successful response means you’re connected.
4. Troubleshoot: A 403 error signals scope issues; a 401 means the token is invalid.

Step 3: Connect to Salesforce

Use Postman to pull data from HubSpot and push it to Salesforce’s API (e.g., via REST with OAuth). Chain requests or use scripts for automation.

---

Alternative: OAuth (For Broader Use Cases)

For multi-account integrations, OAuth is ideal but more complex:

1. Create an App: Set up an app in a HubSpot developer account.
2. Authorize: Get an access token via HubSpot’s OAuth flow.
3. Use in Postman: Apply the token as a Bearer Token.

Private Apps suffice for single-account needs like yours, though.

---

Tips for Success

• Check Permissions: Match scopes to your integration goals.
• Secure Your Token: Treat it like a password—don’t expose it.
• Monitor Limits: HubSpot caps API calls at 100 per 10 seconds for Private Apps.
• Migrate Legacy Keys: Replace hapikey with Authorization: Bearer headers.

---

Final Thoughts

HubSpot’s move to Private Apps and OAuth reflects a security-first approach, making integrations safer and more flexible. For your Salesforce project, a Private App token is quick to generate and perfect for Postman testing. Once set up, you’ll be syncing data in no time. Need help with scopes or Postman? Just ask!