400 Bad Request in Contacts (User xxxxxxx does not have permissions on portal xxxxxxx)


{"status":"error","message":"User xxxxxxx does not have permissions on portal xxxxxxx","correlationId":"de09a7ef-6fdd-4fca-ba8b-bc4caf126144","requestId":"c2cd6318c1fff9aa8dffb65dcc418754"}

All of my POST attempts to createOrUpdate by email are failing with this message in the API Monitoring log, I have checked my JSON, my client key/secrets etc... everything is seemingly in order yet I continue to get the 400 Bad Request error.

How am i able to find the user under the ID for the error message I am receiving, this project was inherited by myself from a developer no longer with the company, is it at all possible the integration was somehow tied to his account and now doesn't have proper permissions?

I am at a loss...

This seems to work when a contact is being sent to hubspot for the very first time, past that the "Update" portion of the "createOrUpdate" method in the API does not seem to work

Restoring the user belonging to the dev no longer with the company did the trick, a little bizzare the integrations have to be tied to a user, nothing really bolds this for us developers as far as I can see. Leaving me to ask if we know a way to swap the integrations ties to a different user? I'd like to create a user that can exist no matter the state of the company roster.


Welcome, @nkhirfan!

To clarify, is this a private OAuth integration which a developer who is no longer at your company connected to your company's production account?

For the full picture, I'll need to know both the user ID and Hub ID. While this is a public forum, others viewing this thread will not be able to access any sensitive information.


{"status":"error","message":"User 4440461 does not have permissions on portal 385656","correlationId":"de09a7ef-6fdd-4fca-ba8b-bc4caf126144","requestId":"c2cd6318c1fff9aa8dffb65dcc418754"}

Old (reinstated) UserID: 4440461
Hubspot Portal ID: 385656

I'm not sure if it was a private integration or not, that would be my assumption that it was, despite only ever having that account exist while with the company.


Hi @nkhirfan,

I'm still trying to wrap my head around all of this, but here goes.

OAuth integrations are not truly tied to users, but certain APIs and endpoints will try to confirm that the user who originally authorized the integration still has the correct permissions (scopes).

In most cases, the access token is enough and HubSpot won't look up the authorizing user's scopes. If an endpoint like contact/createOrUpdate does check the authorizing user's permissions, however, only to find the user deleted, it will throw the error above.

If you re-authorize the integration, you will effectively make the integration look to your scopes in these rare cases going forward.