From hubspot-pack
Survive HubSpot API rate limits at production scale. Covers daily 500K portal quota, per-10s burst limits, batch API efficiency (100x), token bucket pattern, queue-based worker architecture, and Retry-After header parsing. Use when a sync job burns the daily quota before 8am, when a parallelized batch job retry-storms on 429s, when single-record reads waste 99% of available throughput, or when instrumenting a rate-limit dashboard for an Ops Hub Enterprise portal. Trigger with "hubspot rate limit", "hubspot quota", "hubspot 429", "hubspot batch API", "hubspot token bucket", "hubspot throttle", "hubspot daily limit exhausted", "hubspot Ops Hub rate limit".
How this skill is triggered — by the user, by Claude, or both
Slash command
/hubspot-pack:hubspot-rate-limit-survivalThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Rate-limit your HubSpot integration so it survives production volume without burning the portal's daily quota before lunch. This skill covers the six failure modes that take down integrations at scale and gives you the code to prevent each one.
Rate-limit your HubSpot integration so it survives production volume without burning the portal's daily quota before lunch. This skill covers the six failure modes that take down integrations at scale and gives you the code to prevent each one.
Key invariant: HubSpot rate limits are portal-scoped, not app-scoped. Every private app and OAuth app in the same portal shares the same daily and per-10s buckets. There is no per-app isolation.
The six production failures this skill prevents:
GET /contacts/{id} costs 1 quota unit and returns 1 record. POST /contacts/batch/read with 100 IDs costs 1 unit and returns 100 records. Single-record reads waste 99% of available throughput.Retry-After: N. Backing off by 1s when N=30 produces 29 consecutive failures. Backing off by 30s when N=1 adds unnecessary latency. Always parse and honor the header exactly.@hubspot/api-client (npm) or hubspot (pip) for SDK-based integrationsbullmq (npm) or celery+redis-py (Python)Auth: Every API call requires Authorization: Bearer {token}. For token acquisition and caching, see hubspot-auth skill. This skill assumes a valid token is already available.
Build in this order. Steps 1–3 are mandatory. Steps 4–6 apply when volume exceeds ~50,000 calls/day or when multiple apps share the portal.
Every HubSpot response carries both bucket states. Never fly blind.
interface RateLimitState {
dailyLimit: number;
dailyRemaining: number;
windowMs: number;
windowMax: number;
windowRemaining: number;
}
let rl: RateLimitState = {
dailyLimit: 500_000, dailyRemaining: 500_000,
windowMs: 10_000, windowMax: 100, windowRemaining: 100,
};
function updateRateLimitState(headers: Headers): void {
if (headers.get("X-HubSpot-RateLimit-Daily"))
rl.dailyLimit = parseInt(headers.get("X-HubSpot-RateLimit-Daily")!, 10);
if (headers.get("X-HubSpot-RateLimit-Daily-Remaining"))
rl.dailyRemaining = parseInt(headers.get("X-HubSpot-RateLimit-Daily-Remaining")!, 10);
if (headers.get("X-HubSpot-RateLimit-Max"))
rl.windowMax = parseInt(headers.get("X-HubSpot-RateLimit-Max")!, 10);
if (headers.get("X-HubSpot-RateLimit-Remaining"))
rl.windowRemaining = parseInt(headers.get("X-HubSpot-RateLimit-Remaining")!, 10);
const pctUsed = 1 - rl.dailyRemaining / rl.dailyLimit;
console.log(JSON.stringify({
event: "hubspot_rate_limit_state",
daily_remaining: rl.dailyRemaining,
daily_pct_used: parseFloat(pctUsed.toFixed(4)),
window_remaining: rl.windowRemaining,
}));
}
A token bucket is the correct primitive for the per-10s burst limit. Callers block until a slot is available instead of firing and failing.
class TokenBucket {
private tokens: number;
private lastRefillAt: number;
constructor(
private readonly capacity: number,
private readonly refillRatePerMs: number,
) {
this.tokens = capacity;
this.lastRefillAt = Date.now();
}
consume(count = 1): number { // returns ms to wait; 0 = immediate
const now = Date.now();
this.tokens = Math.min(
this.capacity,
this.tokens + (now - this.lastRefillAt) * this.refillRatePerMs,
);
this.lastRefillAt = now;
if (this.tokens >= count) { this.tokens -= count; return 0; }
return Math.ceil((count - this.tokens) / this.refillRatePerMs);
}
}
// Private app, standard plan: 100 req/10s = 0.01 req/ms
// Ops Hub Enterprise: 100 req/s = 0.1 req/ms
const BUCKETS = {
starter: new TokenBucket(100, 10 / 10_000),
professional: new TokenBucket(150, 15 / 10_000),
ops_hub_enterprise: new TokenBucket(1000, 100 / 10_000),
};
type PlanTier = keyof typeof BUCKETS;
let activeBucket: TokenBucket = BUCKETS.starter;
export function configurePlanTier(tier: PlanTier): void {
activeBucket = BUCKETS[tier];
}
export async function acquireToken(): Promise<void> {
const waitMs = activeBucket.consume();
if (waitMs > 0) await new Promise((r) => setTimeout(r, waitMs));
}
Honor the exact backoff value HubSpot specifies. Full implementation with mock-server test harness in implementation-guide.md.
function parseRetryAfterMs(headers: Headers): number | null {
const raw = headers.get("Retry-After");
if (!raw) return null;
const s = parseInt(raw, 10);
return isNaN(s) ? null : s * 1_000;
}
export async function hubspotFetch(
path: string,
init: RequestInit = {},
maxAttempts = 5,
): Promise<Response> {
for (let attempt = 1; attempt <= maxAttempts; attempt++) {
await acquireToken();
const res = await fetch(`https://api.hubapi.com${path}`, {
...init,
headers: {
Authorization: `Bearer ${process.env.HUBSPOT_ACCESS_TOKEN!}`,
"Content-Type": "application/json",
...init.headers,
},
});
updateRateLimitState(res.headers);
if (res.ok) return res;
const retryable = res.status === 429 || (res.status >= 500 && res.status < 600);
if (!retryable || attempt === maxAttempts) throw new Error(`HubSpot ${res.status}: ${path}`);
const delayMs = parseRetryAfterMs(res.headers)
?? Math.random() * Math.min(60_000, 500 * 2 ** attempt);
await new Promise((r) => setTimeout(r, delayMs));
}
throw new Error("unreachable");
}
Auto-chunk any array of IDs into groups of 100. Each chunk costs 1 quota unit.
const BATCH_SIZE = 100; // HubSpot hard limit
function chunk<T>(arr: T[], size = BATCH_SIZE): T[][] {
const chunks: T[][] = [];
for (let i = 0; i < arr.length; i += size) chunks.push(arr.slice(i, i + size));
return chunks;
}
export async function batchRead(
objectType: "contacts" | "companies" | "deals" | "tickets",
ids: string[],
properties: string[],
): Promise<{ results: unknown[]; errors: unknown[] }> {
const results: unknown[] = [];
const errors: unknown[] = [];
for (const batch of chunk(ids)) {
const res = await hubspotFetch(`/crm/v3/objects/${objectType}/batch/read`, {
method: "POST",
body: JSON.stringify({ inputs: batch.map((id) => ({ id })), properties }),
});
const body = await res.json() as { results: unknown[]; errors?: unknown[] };
results.push(...body.results);
if (body.errors) errors.push(...body.errors);
}
return { results, errors };
}
Halt lower-priority work before the portal goes dark.
type Priority = "critical" | "high" | "normal" | "low";
const SHUTOFF: Record<Priority, number> = {
critical: 0.99, high: 0.95, normal: 0.90, low: 0.80,
};
export function assertDailyQuotaAvailable(priority: Priority): void {
const pctConsumed = 1 - rl.dailyRemaining / rl.dailyLimit;
if (pctConsumed >= SHUTOFF[priority]) {
throw new Error(
`Daily quota shutoff: ${(pctConsumed * 100).toFixed(1)}% consumed — ` +
`${priority} priority requests halted`,
);
}
}
Read X-HubSpot-RateLimit-Max from the first response instead of hard-coding the tier.
export async function detectAndConfigurePlanTier(): Promise<PlanTier> {
const res = await fetch(
"https://api.hubapi.com/crm/v3/objects/contacts?limit=1",
{ headers: { Authorization: `Bearer ${process.env.HUBSPOT_ACCESS_TOKEN!}` } },
);
const max = parseInt(res.headers.get("X-HubSpot-RateLimit-Max") ?? "100", 10);
const tier: PlanTier =
max >= 1000 ? "ops_hub_enterprise" :
max >= 150 ? "professional" :
"starter";
configurePlanTier(tier);
console.log(`HubSpot plan tier: ${tier} (window max: ${max})`);
return tier;
}
| HTTP Status | Error Code | Root Cause | Action |
|---|---|---|---|
429 | RATE_LIMIT / policyName: SECONDLY | Per-10s burst window exhausted | Read Retry-After; wait exactly that many seconds |
429 | RATE_LIMIT / policyName: DAILY | 500K/day quota exhausted | Stop all non-critical calls; resume after midnight UTC |
400 | BATCH_SIZE_EXCEEDED | More than 100 IDs in batch payload | Chunk inputs to max 100; batchRead wrapper handles this |
400 | INVALID_BATCH_REQUEST | Malformed batch payload | Verify inputs is [{id: string}]; properties is an array |
403 | MISSING_SCOPES | Token lacks scope for the object type | Add required scope in HubSpot Settings → Private Apps |
403 | PORTAL_NOT_ALLOWED | Ops Hub Enterprise feature on lower-tier plan | Reduce throughput target; verify plan tier via X-HubSpot-RateLimit-Max |
5xx | INTERNAL_ERROR | HubSpot transient error | Retry with exponential backoff; typically resolves within 60s |
Diagnose daily vs burst 429:
curl -sv "https://api.hubapi.com/crm/v3/objects/contacts?limit=1" \
-H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" 2>&1 \
| grep -E "< (X-HubSpot|Retry-After|HTTP)"
# Retry-After 1-30s + Daily-Remaining > 0 → burst window
# Daily-Remaining = 0 → daily quota
curl -sI "https://api.hubapi.com/crm/v3/objects/contacts?limit=1" \
-H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \
| grep -i "X-HubSpot-RateLimit\|Retry-After"
curl -s "https://api.hubapi.com/crm/v3/objects/contacts/batch/read" \
-H "Authorization: Bearer $HUBSPOT_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"inputs":[{"id":"1"},{"id":"2"},{"id":"3"}],"properties":["email","firstname"]}' \
| jq '{count: (.results | length), errors: (.errors | length)}'
import os, json, requests
def check_quota() -> dict:
r = requests.get(
"https://api.hubapi.com/crm/v3/objects/contacts",
headers={"Authorization": f"Bearer {os.environ['HUBSPOT_ACCESS_TOKEN']}"},
params={"limit": 1},
)
daily = int(r.headers.get("X-HubSpot-RateLimit-Daily", 500_000))
rem = int(r.headers.get("X-HubSpot-RateLimit-Daily-Remaining", daily))
pct = 1 - rem / daily
return {"daily_remaining": rem, "pct_consumed": round(pct, 4),
"shutoff_active": pct >= 0.90,
"window_remaining": int(r.headers.get("X-HubSpot-RateLimit-Remaining", 0))}
print(json.dumps(check_quota(), indent=2))
hubspotFetch wrapper parsing Retry-After on every 429 and backing off by the server-specified durationAPI_REFERENCE.md — all rate-limit headers, limit tiers by plan, batch endpoint signatures, 429 response shapesimplementation-guide.md — Python token bucket, Bull/Redis queue worker, daily quota dashboard metrics, Retry-After parser, batch chunker, mock-server test harnessnpx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin hubspot-pack2plugins reuse this skill
First indexed Jul 18, 2026
Provides patterns for HubSpot CRM integration including OAuth 2.0 authentication, private app tokens, CRM objects, associations, batch operations, webhooks, and custom objects using Node.js and Python SDKs.
Manages production HubSpot authentication including OAuth token caching, rate-limit handling, multi-portal credential routing, and scope drift recovery.
Handles Intercom API rate limits with exponential backoff, request queuing, and proactive header monitoring to avoid 429 errors.