HubSpot's Big App Update: What Marketers & RevOps Need to Know for 2026
Hey ESHOPMAN community! If you're running a store or managing your operations with HubSpot, you know how crucial a robust and secure app ecosystem is. HubSpot is constantly evolving, and sometimes, those evolutions come with important announcements that we all need to pay attention to. Recently, a significant update dropped in the HubSpot Community about upcoming changes to App Listing and Certification Requirements, with deadlines stretching into 2026 and 2027.
This isn't just developer-speak; these changes impact the reliability, security, and future compatibility of every app you might be using or considering for your HubSpot portal, including powerful commerce solutions like ESHOPMAN. Let's break down what these updates mean for you, straight from the source.
Keeping Your Apps on the Cutting Edge: API & Platform Versioning
HubSpot is always pushing forward, releasing new versions of its developer platform and REST APIs every six months. To ensure stability and security, they're tightening the reins on which versions apps must use. Starting November 2, 2026, apps will need to be on supported developer platform versions (like v2025.2 or v2026.03). If an app is built on an unsupported version, it'll be rejected for new listings, and existing apps undergoing certification will have a 60-day window to update.
Then, by March 2027, v4 APIs will become unsupported. Again, a 60-day migration window will be provided for apps in certification. What does this mean for you? It means HubSpot is serious about keeping its platform modern and secure. As a user, this translates to more reliable integrations and fewer headaches down the line. For those of you evaluating complex platforms or seeking an OroCommerce alternative, HubSpot's commitment to a secure, up-to-date app ecosystem, especially with solutions like ESHOPMAN, makes a compelling case for building your commerce directly within your CRM.
Say Goodbye to Legacy CRM Cards
Remember those classic CRM cards? They're on their way out! HubSpot is fully deprecating legacy CRM cards by October 31, 2026. Effective immediately, new apps can't use them, and any existing certified app must migrate to the newer 'app cards' before the deadline. This is a move towards a more streamlined and modern CRM experience, which ultimately benefits you by providing richer, more integrated data displays within your HubSpot records.
Clean Exits: The Uninstall App Endpoint
HubSpot is now requiring apps to use the Uninstall App API endpoint (DELETE /appinstalls/v3/external-install) for all new certifications and recertifications. Why is this important? It ensures that when you decide to remove an app, it's completely and cleanly uninstalled from your HubSpot account, including all associated features and webhooks. This is fantastic for data hygiene and managing your account efficiently, preventing lingering bits of code or data from unused apps.
Stronger Security: OAuth v3 Endpoints
Security is paramount, especially when connecting third-party apps to your valuable CRM data. HubSpot is mandating the use of new OAuth v3 endpoints for all new listings and certifications, effective immediately. OAuth v1 endpoints are being deprecated. This upgrade means more robust and secure authorization for your apps, protecting your data with the latest security protocols. These new endpoints include:
POST /oauth/2026-03/token- for authorization code & refresh token exchangePOST /oauth/2026-03/token/introspect- for token introspectionPOST /oauth/2026-03/token/revoke- for token revocation
More Accountability: Token Access and Storage Security Questionnaire
To further bolster security, developers now need to complete a security questionnaire for app certification and recertification. This questionnaire delves into how apps handle OAuth token access and storage, covering critical areas like encryption, access controls, and token lifecycle management. This extra layer of scrutiny means greater peace of mind for you, knowing that HubSpot-certified apps are held to high security standards when interacting with your data.
Easier for Developers, Safer for You: No More Testing Credentials for Listing!
Here's a piece of good news for developers and a subtle win for users: as of March 31, 2026, testing credentials are no longer required for app listing submissions. Instead, developers will provide demo videos or guided walkthroughs. This not only reduces the effort for partners but also improves security by eliminating the need to share and store sensitive login information. It's a smart move that benefits everyone.
ESHOPMAN Team Comment
We at ESHOPMAN wholeheartedly welcome these updates from HubSpot. They are a clear testament to HubSpot's commitment to maintaining a secure, reliable, and cutting-edge platform for its users and partners. These changes directly contribute to a more trustworthy ecosystem for e-commerce, ensuring that integrated solutions like ESHOPMAN can continue to deliver robust performance and peace of mind. For anyone building their commerce strategy on HubSpot, these improvements reinforce the platform's strength as a prime choice for growth.
What Does This Mean for You?
If you're a HubSpot user, RevOps leader, or marketer, these updates underscore the importance of choosing apps that are actively maintained and compliant with HubSpot's evolving standards. For ESHOPMAN users, rest assured that our team is always on top of HubSpot's latest requirements to ensure seamless integration and top-tier performance.
These changes are all about building a more reliable, secure, and future-proof HubSpot experience. By understanding these updates, you can make informed decisions about the apps you use and ensure your HubSpot portal continues to be a powerhouse for your business. Stay tuned to the HubSpot Community and partner announcements to keep your finger on the pulse!