About
This skill audits your HubSpot API integrations to identify all calls using legacy v1-v4 endpoints before their March 30, 2027 end-of-support deadline. It generates a migration checklist to help transition your private apps and tooling to the new date-based API versions. Use it to proactively inventory your stack and plan a necessary upgrade to maintain support and certification.
Quick Install
Claude Code
Recommendednpx skills add TomGranot/hubspot-admin-skills -a claude-code/plugin add https://github.com/TomGranot/hubspot-admin-skillsgit clone https://github.com/TomGranot/hubspot-admin-skills.git ~/.claude/skills/audit-api-usageCopy and paste this command in Claude Code to install this skill
Documentation
Audit API Usage Before the 2027 Version Cutoff
In March 2026 HubSpot replaced semantic API versioning (v1-v4) with date-based versions (/2026-03/-style paths, two releases a year, 18 months of support each). Everything still calling v1-v4 endpoints — including legacy OAuth v1 — becomes unsupported on March 30, 2027. This skill inventories what in your stack calls HubSpot and produces a migration checklist.
Why This Matters
The deadline fails quietly: unsupported APIs "no longer receive updates, bug fixes, or stability guarantees," and marketplace apps that don't migrate risk losing certification. A portal typically has more callers than anyone remembers — private apps, marketplace apps, middleware (Zapier/Make), form embeds, internal scripts, data warehouse syncs. Finding them takes an afternoon now or an incident later.
Key Facts
| Fact | Detail |
|---|---|
| Current recommended version | 2026-03 |
| Release cadence | March and September, every year |
| Support lifecycle | Current (6 months) → Supported (to 18 months) → Unsupported |
| v1–v4 end of support | March 30, 2027 |
| Also deprecated | Legacy v1 OAuth API (token issuance/introspection) |
Prerequisites
- Super Admin access (to view Integrations settings and private app logs)
- Optionally: a private app token (
HUBSPOT_ACCESS_TOKENin.env) for the account-level usage query - Access to the source code of any internal integrations
Execution Pattern
Stage 1: Plan
Confirm with the user: which systems are known to touch HubSpot (CRM syncs, website forms, analytics pipelines, internal scripts), and who owns each.
Stage 2: Before — Build the Caller Inventory
Work through each discovery source and record every caller in a checklist (owner, what it does, endpoints/versions used):
- Private apps: Settings > Integrations > Private Apps. Open each app > Logs — the API call log shows the exact request paths (
/crm/v3/...,/contacts/v1/...), which reveal the version in use. - Connected/marketplace apps: Settings > Integrations > Connected Apps. You can't see their internals; note each vendor — certified apps are being pushed to migrate by HubSpot, but confirm with the vendor for anything business-critical.
- Internal codebases: grep for version-revealing patterns:
grep -rEn "api\.hubapi\.com/[a-z-]+/v[0-9]|/contacts/v1|/email/public/v1|hubapi.com/automation/v[23]" . - Middleware (Zapier, Make, Workato, n8n): platform-managed connectors migrate on the vendor's schedule; custom HTTP steps inside them do not — check those by hand.
- Account-wide API usage (optional script check): the account-info API reports daily API usage totals for private apps:
This confirms how much traffic flows, not which versions — use the per-app logs from step 1 for version detail.resp = requests.get(f"{BASE}/account-info/v3/api-usage/daily", headers=HEADERS)
Stage 3: Execute — Classify and Plan Migrations
For every caller, classify:
| Status | Meaning | Action |
|---|---|---|
| Red | Calls v1/v2 legacy endpoints (e.g., /contacts/v1/, /email/public/v1/, forms v2) or legacy OAuth v1 | Migrate now — many of these had earlier sunset dates already |
| Amber | Calls v3/v4 endpoints | Works until 2027-03-30; schedule migration to 2026-03 date-based paths |
| Green | Calls date-based paths, or vendor-managed and confirmed migrating | Monitor |
For amber/red internal code, the migration is usually mechanical — same resources, new path prefix and (sometimes) renamed fields; consult the endpoint's migration notes in HubSpot's docs. Batch the work per codebase, not per endpoint.
This repo's own scripts are amber by design: they target /crm/v3/ and /automation/v4/, supported until March 2027, with the migration path documented in CONTRIBUTING.md.
Stage 4: After
- Every caller in the inventory has a status and an owner.
- Red items have migration tickets with dates; amber items are scheduled before 2027-03.
- Re-run this audit every 6 months — each March/September release starts a new support clock.
Rollback
Read-only — nothing to roll back.
Technical Gotchas
- Private app logs are the ground truth. Code greps miss dynamically-built URLs; the per-app request logs in Settings show what is actually being called.
- 404 vs 403 vs unsupported. After end of support, endpoints may keep working for a while — "unsupported" means no fixes or guarantees, not an instant shutoff. Do not treat "it still works" as "we're fine."
- OAuth is part of this. Apps using legacy v1 OAuth token endpoints must move to the date-based OAuth API even if their data endpoints are current.
- SDK versions pin API versions. If an integration uses an official HubSpot SDK, the SDK's major version determines which API version it calls — check the SDK changelog, not just your code.
GitHub Repository
Frequently asked questions
What is the audit-api-usage skill?
audit-api-usage is a Claude Skill by TomGranot. Skills package instructions and resources that Claude loads on demand, so Claude can perform audit-api-usage-related tasks without extra prompting.
How do I install audit-api-usage?
Use the install commands on this page: add audit-api-usage to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does audit-api-usage belong to?
audit-api-usage is in the Development category, tagged api.
Is audit-api-usage free to use?
Yes. audit-api-usage is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
Related Skills
qmd is a local search and indexing CLI tool that enables developers to index and search through local files using hybrid search combining BM25, vector embeddings, and reranking. It supports both command-line usage and MCP (Model Context Protocol) mode for integration with Claude. The tool uses Ollama for embeddings and stores indexes locally, making it ideal for searching documentation or codebases directly from the terminal.
This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.
The mcporter skill enables developers to manage and call Model Context Protocol (MCP) servers directly from Claude. It provides commands to list available servers, call their tools with arguments, and handle authentication and daemon lifecycle. Use this skill for integrating and testing MCP server functionality in your development workflow.
This skill deploys and orchestrates Vertex AI ADK agents using A2A protocol, managing AgentCard discovery, task submission, and supporting tools like Code Execution Sandbox and Memory Bank. It enables building multi-agent systems with sequential, parallel, or loop orchestration patterns in Python, Java, or Go. Use it when asked to deploy ADK agents or orchestrate agent workflows on Google Cloud.
