Check the target audience, learning objectives, and overall structure.
I use HubSpot for work, and am using API, CLI, and custom code.More advanced automation, expansion, and integrationIt is aimed at engineers who want to realize the following. It is assumed that you have some understanding of the basic operations of each Hub such as CRM, Marketing, and CMS.
From the big picture of HubSpot API to custom object design, CMS theme development, workflow extension, webhook design, OAuth app development, and AI-driven development using HubSpot MCP Server. You can systematically learn knowledge and code examples that can be used immediately in practice.
Organize the layers that developers are involved with and the tools and APIs used in each layer.
Understand the main functions of the Developer Portal (app.hubspot.com), which is the starting point for development.
| function | place | Main uses |
|---|---|---|
| Private App | Settings → Integrations → Private Apps | Access tokens for internal tools (recommended) |
| Public App | Developer account → Apps | OAuth app that connects to another company's portal |
| API key (old) | Settings → Integrations → API Keys | Not recommended. Avoid new use |
| Sandbox | Settings → Sandbox | Development/test environment that does not affect production data |
| API reference | developers.hubspot.com | Check endpoint specifications and parameters |
| App Marketplace | ecosystem.hubspot.com | Public application review/posting application |
There are three types of HubSpot API authentication depending on the purpose. Select the appropriate method depending on the situation.
| Authentication method | suitable case | scope control | Recommendation level |
|---|---|---|---|
| Private App Token | Internal tools that only access your company portal | ◎ Can be set in detail | ★ Recommended |
| OAuth 2.0 | Public app that connects to multiple portals | ◎ User consent based | standard |
| API key (old) | Legacy integration (migration recommended) | ✗ No scope control | Not recommended |
A Private App Token is an access token tied to a specific HubSpot portal. at the time of creationGrant only necessary scopesThis makes it easier to follow the principle of least privilege and is ideal for internal tools from a security perspective. Tokens are used for Bearer authentication and regular rotation is recommended.
The flow from actually creating a token to calling the API.
-
1Log in to your HubSpot portal Open the profile icon on the top right → “Settings (⚙)”.
-
2Open the Private Apps menu Left sidebar → "Integration" → "Private Apps" → "Create Private App".
-
3Enter app name and description Give it a descriptive name (for example:
crm-sync-internal)。 -
4Select scope Check only the required permissions from the "Scope" tab. Separate Read/Write and keep privileges to minimum.
-
5Create app and copy token After clicking "Create app", copy the displayed token.Cannot be displayed againStore it in a safe place.
crm.objects.contacts.read Let's get into the habit of assigning each function like this.
You can add more later, but too wide a scope is a security risk.
Set up Node.js, HubSpot CLI, and environment variables to get ready to start development.
Node.js 20 or higher(LTS recommended), npm, and Git are required.
HubSpot CLI v8.0.0 and later will not work with Node.js below 18.
node -v Please check.
.gitignore be sure to .env Please add.
If a token is accidentally included in the repository, immediately invalidate it and issue a new one.
Develop and test in a sandbox environment to avoid impacting production data.
| kinds | Features | Available plans |
|---|---|---|
| Developer Sandbox | Empty portal. No actual data. Ideal for API/CLI operation verification | Free (developer account) |
| Standard Sandbox | Contains a copy of production data. Can be tested in conditions closer to actual production | Enterprise |
The HubSpot API has rate limits that result in an error if exceeded. Figure it out in advance.
| Type of restriction | upper limit | remarks |
|---|---|---|
| Number of requests per 10 seconds | 100 requests / 10 seconds | Most common limitations. 429 error on excess |
| Number of requests per day | Depends on plan (Free: 250,000) | Enterprise can significantly increase |
| Burst limit | 100 requests / 10 seconds | Beware of bursty requests |
| Batch API | Up to 100 items per request | Mass processing becomes more efficient with Batch API |
HubSpot provides an official SDK. Use them differently depending on the language.
| language | package | Features | Recommendation level |
|---|---|---|---|
| Node.js | @hubspot/api-client |
official. With TypeScript type definitions. most fulfilling | ★ Recommended |
| Python | hubspot-api-client |
official. Frequently used for collaboration scripts with Data Hub | Recommended |
| PHP | hubspot/hubspot-php |
Community version. Not officially supported | reference |
| others | REST API direct call | curl / fetch / axios etc. Available in all languages | General purpose |
Before moving on to the next chapter (CLI & Development Workflow), let's summarize the important points.
✅ Chapter 0 Checklist
- Understood the overall picture of the HubSpot development ecosystem (API layer, tool layer, AI layer)
- Understood the main features of the Developer Portal (Private App, Sandbox, API reference)
- Created a Private App Token and granted only the necessary scopes
- Confirmed that API key (old) is deprecated
- Node.js 20 or higher + HubSpot CLI v8.x installed
- Completed portal authentication with hs auth
- Created a .env file and added it to .gitignore
- You have acquired (or are planning to create) a Developer Sandbox portal.
- Understood the concept of rate limiting (100 req/10 seconds) and exponential backoff
- Confirmed basic usage of Node.js SDK (@hubspot/api-client)