Skip to main content

HubSpot Private Application Token

Description

General

  • Documentation: https://developers.hubspot.com/beta-docs/guides/apps/private-apps/overview
  • Summary: HubSpot is a comprehensive customer relationship management (CRM) platform that offers tools for marketing, sales, customer service, and content management. It provides developers with the ability to create private apps that are used to access the data of a workspace.
  • IPs allowlist: This feature is not available.
  • Scopes: Upon creation, a HubSpot private app is granted with a list of scopes. The scopes are very detailed and are split among HubSpot products: CRM, CMS, Automation, Communication Preferences, Conversations, Marketing, Settings and Others.

Revoke the secret

HubSpot API keys can be rotated in the web UI: see here.

Check for suspicious activity

It it possible to see all API calls in the web UI: see in Integrations/Private Apps/Logs.

Details for Hubspot private app token

  • Family: token

  • Category: crm

  • Company: HubSpot

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.28

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- pat-[a-z]{2}[0-9]-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}

Examples

- text: "Some context.\n apikey=pat-na1-91d91373-8e94-4872-893c-e7d080224a56"
apikey: pat-na1-91d91373-8e94-4872-893c-e7d080224a56
- text: 'Some context for a EU API key\n API_KEY="pat-eu1-91d91373-8e94-4872-893c-e7d080224a56"'
apikey: pat-eu1-91d91373-8e94-4872-893c-e7d080224a56

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • POST: /oauth/v2/private-apps/get/access-token-info

Other Calls

No other calls for this analyzer.