HubSpot

Private-app access token for the HubSpot CRM API.

Field	Description	Required
Private App Access Token	From Settings → Integrations → Private Apps in HubSpot (starts with pat-). Grant the CRM scopes your workflow needs (e.g. crm.objects.contacts.read/write).	Yes
App Client Secret	From your app’s Auth tab. Required only for real-time HubSpot triggers (webhooks) so we can verify inbound event signatures.	No

Step 1: In HubSpot, go to Settings → Integrations → Private Apps and click Create a private app.
Step 2: On the Scopes tab, add the CRM scopes your workflows need. For full use of the HubSpot node and trigger, grant read and write on crm.objects.contacts, crm.objects.companies, crm.objects.deals, and crm.objects.tickets.
Step 3: Create the app and copy the access token (starts with pat-).
Step 4: In Falcon Builder, go to Dashboard → Credentials → Add Credential, pick HubSpot, and paste the token.
Step 5: Click Test Connection. We hit GET /crm/v3/objects/contacts?limit=1 to confirm the token and its scopes.
Step 6 (real-time triggers only): Copy the app's Client Secret from the Auth tab into the credential's Client Secret field so we can verify inbound webhook signatures.

Private-app tokens are scoped to a single HubSpot account. Create one credential per account you want to automate.
A 403 on test usually means the token is valid but missing a CRM scope — add the scope in HubSpot and the token updates automatically.

Create, update, search, and delete contacts, companies, deals, and tickets in HubSpot CRM.

Trigger workflows when a HubSpot record is created or updated.