HubSpot Private Application Token
Description
General
- Documentation: https://developers.hubspot.com/beta-docs/guides/apps/private-apps/overview
- Summary: HubSpot is a comprehensive customer relationship management (CRM) platform that offers tools for marketing, sales, customer service, and content management. It provides developers with the ability to create private apps that are used to access the data of a workspace.
- IPs allowlist: This feature is not available.
- Scopes: Upon creation, a HubSpot private app is granted with a list of scopes. The scopes are very detailed and are split among HubSpot products: CRM, CMS, Automation, Communication Preferences, Conversations, Marketing, Settings and Others.
Revoke the secret
HubSpot API keys can be rotated in the web UI: see here.
Check for suspicious activity
It it possible to see all API calls in the web UI: see in Integrations/Private Apps/Logs.
Details for Hubspot private app token
-
Family: token
-
Category: crm
-
Company: HubSpot
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 1.28
-
Prefixed: False
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- pat-[a-z]{2}[0-9]-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}
Examples
- text: "Some context.\n apikey=pat-na1-91d91373-8e94-4872-893c-e7d080224a56"
apikey: pat-na1-91d91373-8e94-4872-893c-e7d080224a56
- text: 'Some context for a EU API key\n API_KEY="pat-eu1-91d91373-8e94-4872-893c-e7d080224a56"'
apikey: pat-eu1-91d91373-8e94-4872-893c-e7d080224a56
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- POST: /oauth/v2/private-apps/get/access-token-info
Other Calls
No other calls for this analyzer.
