The average HubSpot portal has between 7 and 15 connected integrations. Some were installed years ago by team members who have since left the company. Others were added for a one-time project and never removed. A handful are actively syncing data in ways nobody fully understands.
If that sounds familiar, your portal is overdue for an integration audit.
HubSpot integrations are the connective tissue between your CRM and the rest of your tech stack. When they work well, data flows seamlessly between tools, automations fire on schedule, and your team operates from a single source of truth. When they break down silently or accumulate unchecked, they create data quality issues, security vulnerabilities, and wasted API capacity that can cripple your operations.
This guide walks you through a comprehensive HubSpot integration audit, covering everything from building your integration inventory to monitoring API call usage and securing third-party access. Whether you manage one portal or twenty, this process will help you take back control of your connected ecosystem.
Why HubSpot Integration Audits Matter More Than Ever
HubSpot’s marketplace now offers over 1,600 integrations, and custom API connections add even more complexity. As your tech stack grows, so does the risk profile of your portal. Here is why regular integration audits have become non-negotiable.
Data Quality Erosion
A broken Salesforce sync might stop updating a custom property on new contacts, silently skewing your reporting for weeks before anyone notices.
API Limit Bottlenecks
A single misbehaving integration can consume a disproportionate share of your daily API calls, throttling other critical tools across the portal.
Security Exposure
Every connected app has permissions scopes. Many request broader access than needed, and a third-party breach turns those overly permissive scopes into your liability.
Data Quality Degrades Silently
A broken Salesforce sync might not throw an error. Instead, it might simply stop updating a custom property on new contacts, leading to incomplete records that skew your reporting for weeks before anyone notices. Integration failures rarely announce themselves. They erode data quality gradually, and by the time the damage is visible in dashboards, cleanup is expensive.
API Limits Create Real Bottlenecks
HubSpot enforces API rate limits based on your subscription tier. A single misbehaving integration can consume a disproportionate share of your daily API calls, throttling other critical tools. We have seen portals where a forgotten Zapier automation was making 40,000 unnecessary API calls per day, leaving the sales team’s Outreach integration struggling to sync activities.
We have seen portals where a single forgotten Zapier automation consumed 40,000 API calls per day — over 60% of the portal's daily allocation — leaving critical sales integrations throttled and unreliable.
Security Exposure Grows With Each Connection
Every connected app has a set of permissions, or scopes, that define what it can read, write, or delete in your portal. Many integrations request broader permissions than they actually need. If a third-party vendor experiences a security breach, those overly permissive scopes become your problem.
Step 1: Build Your Complete Integration Inventory
The first step in any integration audit is knowing exactly what is connected to your portal. This sounds straightforward, but most teams underestimate the number of active connections.
Where to Find Connected Apps
Start in Settings > Integrations > Connected Apps in your HubSpot portal. This shows every OAuth-based integration currently authorized. But this list is incomplete. You also need to check:
- ✓Connected Apps — Settings > Integrations > Connected Apps (OAuth-based)
- ✓Private app tokens — Settings > Integrations > Private Apps
- ✓API keys — deprecated but possibly still active in legacy portals
- ✓Workflow-based integrations — webhooks or custom code actions
- ✓Data Hub data sync — Settings > Integrations > Data Sync
- ✓Third-party middleware — Zapier, Make, or Workato connections
Document Every Connection
For each integration, record the following in a spreadsheet or audit template:
| Field | What to Record | Why It Matters |
|---|---|---|
| App name & vendor | Official app name, publisher | Identifies the integration clearly |
| Date installed | Visible in Connected Apps | Reveals how long it has been active |
| Installed by | User who authorized the connection | Identifies ownership and accountability |
| Business purpose | What the integration is supposed to do | Determines if it is still relevant |
| Data direction | One-way push, one-way pull, or bidirectional | Defines data flow risk |
| Objects affected | Contacts, companies, deals, tickets, custom | Scopes the impact of any issue |
| Permission scopes | OAuth scopes granted at authorization | Security review baseline |
| Current status | Active, inactive, or erroring | Immediate action item identification |
This inventory becomes your single source of truth for the rest of the audit. If you are managing multiple portals, a thorough portal audit checklist helps ensure you do not miss anything across accounts.
Step 2: Identify Unused and Broken Connections
With your inventory complete, the next step is determining which integrations are actually doing useful work and which are dead weight.
Signs of an Unused Integration
| Signal | What to Look For | Risk Level |
|---|---|---|
| No recent sync activity | No data movement in 30–60 days | High |
| Installed by former employee | No documentation of purpose | High |
| Duplicate functionality | Two tools syncing the same data | Medium |
| Discontinued source tool | Connected to a tool your team no longer uses | High |
| No identifiable business owner | Nobody can explain why it exists | High |
Detecting Broken Connections
Broken integrations are more dangerous than unused ones because they create a false sense of data flow. Check for:
- Sync error logs in the Data Sync settings panel
- Stale data in properties that should be updating (compare timestamps)
- Workflow errors in automations that rely on integration-mapped properties
- Missing records that exist in the source system but not in HubSpot
- OAuth token expiration notices in Connected Apps
A broken integration feeding stale data into your CRM can corrupt downstream workflows and automations. Fixing these connections often has an immediate positive impact on data quality.
What to Do With Findings
For each unused or broken integration, make one of three decisions:
Remove It
If no one can explain why it exists and it has no recent activity, disconnect it immediately. Revoke OAuth tokens and remove any associated private app credentials.
Repair It
If the integration serves a valid business purpose but is erroring, fix the connection — re-authorize tokens, update field mappings, or resolve sync conflicts.
Replace It
If the integration is outdated or there is a better native HubSpot feature available, migrate to the newer solution and decommission the legacy connection.
Step 3: Run Data Sync Health Checks
For integrations that pass the initial review, you need to validate that their data syncing is accurate and efficient. This is where most teams discover surprises.
HubSpot-Built Sync
Check the Data Sync settings panel for error logs, field mapping status, and last-sync timestamps. Native integrations offer the most transparent health data.
Third-Party Connectors
Review sync logs within the third-party vendor's dashboard. Cross-reference record counts in HubSpot vs. the source system to catch discrepancies.
Private App Connections
Monitor API call logs for error rates, latency spikes, and payload issues. Custom integrations require the most hands-on validation of data accuracy.
Field Mapping Accuracy
Review the field mappings for every active data sync integration. Common issues include:
- Mismatched data types (a text field in the source mapped to a number field in HubSpot)
- One-directional mappings that should be bidirectional (or vice versa)
- Default value conflicts where both systems try to be the source of truth for the same field
- Unmapped critical fields that should be syncing but were never configured
- Custom property mappings that reference deleted or renamed properties
Sync Frequency and Freshness
Determine whether each integration is syncing in real-time, on a schedule, or only on trigger. Then validate whether that frequency matches business requirements. A real-time sync for a system that only updates weekly is wasting API calls. A daily sync for deal stage changes that need to be reflected immediately is creating reporting lag.
| Data Type | Recommended Sync Frequency | Risk if Mismatched |
|---|---|---|
| Deal stage changes | Real-time / webhook | Reporting lag, lost revenue visibility |
| Contact property updates | Near real-time (5–15 min) | Stale segmentation, wrong workflows |
| Marketing engagement data | Hourly batch | Acceptable for most reporting |
| Financial / billing data | Daily batch | Low urgency for CRM use cases |
| Historical analytics | Weekly batch | Minimal operational impact |
Record-Level Validation
Spot-check a sample of records to confirm data accuracy:
- Pick 10-15 contacts or deals at random
- Compare their HubSpot property values against the source system
- Look for discrepancies in key fields like lifecycle stage, deal amount, last activity date, and custom properties
- Document any mismatches and trace them back to a specific integration or sync rule
If you discover systemic data quality issues during this step, a dedicated CRM data cleanup effort may be necessary before re-establishing healthy sync connections.
Step 4: Monitor API Call Usage
API call monitoring is one of the most overlooked aspects of HubSpot portal management. Understanding how your integrations consume API capacity helps you prevent throttling and identify inefficient connections.
How to Check API Usage
Navigate to Settings > Integrations > API Usage in your HubSpot portal. This dashboard shows:
- Total API calls made in the current period
- Breakdown by application (which integration is making the most calls)
- Error rates by endpoint
- Calls approaching or exceeding rate limits
If a single integration is consuming more than 30–40% of your total daily API allocation, it warrants immediate investigation — regardless of whether it appears to be working correctly.
Identifying API Waste
| Waste Pattern | Description | Typical API Impact | Fix |
|---|---|---|---|
| Polling instead of webhooks | Checking for changes every few seconds | 10,000–50,000 calls/day | Switch to event-driven triggers |
| Single-record operations | Updating records one at a time | 5,000–20,000 calls/day | Use batch endpoints |
| Retry storms | Failing requests with no exponential backoff | Unlimited until throttled | Implement backoff logic |
| Full-sync patterns | Pulling all records instead of deltas | Scales with database size | Switch to delta/incremental sync |
| Duplicate middleware calls | Overlapping Zapier/Make workflows | 2x–5x unnecessary volume | Consolidate automations |
Setting Up API Monitoring
For ongoing health, establish monitoring thresholds:
If your portal is approaching API limits, prioritize optimization of the highest-volume integrations first. Sometimes replacing a custom API integration with a native HubSpot data sync connection eliminates thousands of unnecessary calls.
Step 5: Conduct a Security Review of Third-Party Access
Every integration you authorize gains some level of access to your HubSpot data. A security review ensures that access is appropriate, current, and minimal.
Review Permission Scopes
For each connected app, review the OAuth scopes it was granted:
- Does a reporting tool really need write access to contacts?
- Does a chat widget need access to your deal pipeline data?
- Are any integrations granted account-level admin permissions that should be restricted?
Apply the principle of least privilege: each integration should have only the minimum permissions required to perform its function.
Every integration should have only the minimum permissions required to perform its function. If a tool only reads contact data for reporting, it should not have write or delete scopes.
Security Review Checklist
- ✓All OAuth scopes reviewed — no overly permissive access
- ✓Private app tokens rotated in the last 6–12 months
- ✓Private app creators still employed at the organization
- ✓Each private app still actively used for its intended purpose
- ✓Third-party vendors SOC 2 or ISO 27001 certified
- ✓Marketplace apps updated within the last 12 months
- ✓Vendor security incident response process documented
- ✓No known vulnerabilities or breach history for any vendor
- ✓Deprecated API keys fully decommissioned
- ✓Admin-level scopes restricted to essential integrations only
Third-Party Vendor Risk Assessment
For each external vendor integration, consider:
- Is the vendor SOC 2 or ISO 27001 certified?
- When was the app last updated in the HubSpot marketplace?
- Does the vendor have a published security incident response process?
- Are there any known vulnerabilities or breach history?
Integrations from vendors who have not updated their marketplace listing in over a year should be flagged for review. Abandoned integrations are a significant security risk.
Step 6: Develop Optimization Recommendations
After completing the audit, organize your findings into a prioritized action plan.
Priority Framework
| Priority | Business Impact | Effort | Examples |
|---|---|---|---|
| P1 — Critical | Broken syncs, security vulnerabilities | Any | Revoke breached tokens, fix data-loss syncs |
| P2 — High | Unused apps consuming API, stale data | Low–Med | Disconnect dormant apps, clear error queues |
| P3 — Medium | Suboptimal mappings, excessive API usage | Medium | Remap fields, switch polling to webhooks |
| P4 — Low | Documentation gaps, minor scope adjustments | Low | Update audit template, adjust permissions |
Common Optimization Wins
Based on hundreds of integration audits, these are the most common recommendations:
Consolidate Middleware
If you are using Zapier, Make, and a custom webhook for different HubSpot integrations, consolidate to one middleware platform to simplify monitoring and reduce costs.
Switch to Native Data Sync
HubSpot's Data Hub data sync handles many use cases that previously required third-party tools, with built-in error handling and field mapping.
Implement Webhook-Based Triggers
Replace polling patterns with event-driven webhooks to reduce API usage by 60–80% while improving data freshness.
Establish Integration Governance
Require approval before any new app is connected. Assign an owner to every integration and set review schedules.
Schedule Quarterly Reviews
Do not wait for problems to surface. Quarterly integration reviews catch issues before they cascade into data quality or security incidents.
For teams running complex multi-portal environments, integration sprawl is one of the biggest risks. Our guide on multi-account management covers strategies for keeping integrations consistent across portals.
How Jetstack Streamlines Integration Audits
Manual integration audits are thorough but time-consuming. A typical portal with 10-15 integrations can take 8-12 hours to audit manually.
Jetstack’s audit products automate the most tedious parts of this process. Our platform scans your connected apps, maps data flows, flags broken or underperforming integrations, and generates a prioritized action plan in a fraction of the time. The integration audit is part of our comprehensive portal health assessment, which also covers workflows, data quality, and reporting.
Whether you need a one-time deep dive or ongoing integration monitoring, our audit packages scale to your needs. Explore our pre-built solutions in the Jetstack Marketplace or contact our team to discuss a custom integration audit.
Frequently Asked Questions
How often should I audit my HubSpot integrations?
At minimum, conduct a full integration audit quarterly. If your portal has more than 15 connected apps or you are in a high-growth environment where new tools are added frequently, monthly spot checks of API usage and sync health are recommended. Major events like team restructuring, vendor changes, or portal migrations should always trigger an integration review.
What happens when I disconnect an integration from HubSpot?
Disconnecting an integration revokes its OAuth token and stops all data syncing. However, data that has already been synced to HubSpot remains in your portal. Property values, contact records, and historical activities created by the integration are not deleted when you disconnect. You will need to clean up any orphaned data separately.
Can broken integrations cause duplicate records in HubSpot?
Yes, this is one of the most common consequences of integration failures. When a sync connection loses its ability to match records by a unique identifier (like email address), it may create new records instead of updating existing ones. This leads to duplicate contacts, companies, or deals that compound over time.
How do I know if an integration is consuming too many API calls?
Check the API Usage dashboard in Settings > Integrations. If a single integration is consuming more than 30-40% of your total daily API allocation, it warrants investigation. Look at the endpoints being called most frequently and determine whether the integration is using batch operations and delta syncing efficiently.
Should I audit integrations before or after a HubSpot migration?
Both. A pre-migration audit helps you identify which integrations need to be re-established in the new portal and which can be retired. A post-migration audit confirms that all critical integrations were reconnected correctly and data is flowing as expected.
What is the difference between connected apps and private apps in HubSpot?
Connected apps are third-party integrations authorized through OAuth that appear in the HubSpot marketplace. Private apps are custom integrations created within your portal using API access tokens. Private apps offer more granular scope control but require manual token management and rotation. Both types should be included in your integration audit.