topic Re: Single-Send API Via Private App in APIs & Integrations

Single-Send API Via Private App

SenojLuap — Mon, 08 Dec 2025 13:50:34 GMT

I'm currently trying to integrate with our Jira instance to automate the sending of emails from HubSpot. To do this, I'm using the Single Send API and a private/legacy app.

The problem I'm encountering is that when I attempt to use the single-send endpoint with a private app, I get a response stating that the endpoint requires OAuth authentication. The api documentation here suggests that I should be able to authenticate with either OAuth or the private applications key.

Which one is incorrect? Having to go through OAuth would be a real pain in the butt for this use-case.

Re: Single-Send API Via Private App

SamTassey — Mon, 08 Dec 2025 14:32:06 GMT

Hi @SenojLuap,

Welcome to the Community!

I see that you're looking to use the Single Send API. In case our peers may need some more details to point you in the right direction, would you mind including the response that you're receiving, along with the request you're using as well?

In the meantime, I'm going to loop in a few of our experts here: @RubenBurdin, @GRajput, @evaldas, @SteveHTM.

Do you have any suggestions for @SenojLuap?

Thank you!

Sam, Community Manager

Re: Single-Send API Via Private App

SteveHTM — Mon, 08 Dec 2025 14:57:07 GMT

@SenojLuap - an additional question here. Can you confirm that you are creating the headers for this API request in exactly the same way that you are for other API requests (which presumably succeed at least with respect to authentication). I have had error messsages in the past that state Oauth is required, but I found this was simply a case of a header programming error.

Hope this is helpful.

Steve

Re: Single-Send API Via Private App

SenojLuap — Mon, 08 Dec 2025 15:46:13 GMT

I've been using Curl for testing:

curl --request POST \ --url https://api.hubapi.com/marketing/v4/email/single-send \ --header 'Content-Type: application/json' \ --header 'private-app: <redacted>' \ --data ' { "emailId": <redacted>, "message": { "to": "<redacted>", }, "contactProperties": {}, "customProperties": { "issueKey": "DEV-18232", "reason": "timeout" } } '

And I get the response:

{"status":"error","message":"Authentication credentials not found. This API supports OAuth 2.0 authentication and you can find more details at https://developers.hubspot.com/docs/methods/auth/oauth-overview","correlationId":"<redacted>","category":"INVALID_AUTHENTICATION"}

I haven't used any other 'v4' APIs, so I can't compare my results to theirs. This curl request was actually copied from the documentation and updated with my information.

However, since I've made this post I have switched to using a 'v3' api (/marketing/v3/transactional/single-email/send) and used the 'Bearer' authorization. That has worked. So technically I'm not blocked anymore, but I'd still like to know what's up with the v4 API since that seems to be the more appropriate one.

Re: Single-Send API Via Private App

SamTassey — Wed, 10 Dec 2025 16:41:37 GMT

Hi @SenojLuap,

Thank you for sharing your update and the resolution. Your feedback helps the community and others facing similar issues!

Looking into the V4 request that you've shared above, the only thing that sticks out to me is the the Headers there. As seen in our Dev Docs here it appears to be using a 'Authorization: Bearer <token>' in the first header. Is this something that you're able to attempt?

curl --request POST \
--url https://api.hubapi.com/marketing/v4/email/single-send \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '

I'd like to tag in a few of our experts to see if they have any tips and tricks on this @SteveHTM, @RubenBurdin, @TomM2

Do you have any suggestions for @SenojLuap?

Thank you!

Sam, Community Manager

Re: Single-Send API Via Private App

SteveHTM — Wed, 10 Dec 2025 17:24:47 GMT

I agree, this looks to be the root of the problem,

Steve

Re: Single-Send API Via Private App

SenojLuap — Thu, 11 Dec 2025 17:32:45 GMT

OK, I re-tested with your suggestion. The documentation (https://developers.hubspot.com/docs/api-reference/marketing-single-send-v4/single-send/post-marketing-v4-email-single-send) explains that you should use the 'private-apps' header. However, using the 'Autorization: Bearer' header as you suggested, the API does respond correctly.

So it sounds like the problem here is with the documentation.

Re: Single-Send API Via Private App

RubenBurdin — Mon, 15 Dec 2025 18:09:25 GMT

Hi @SenojLuap , you’re not crazy, your test is telling you the truth. For the Single Send v4 endpoint, a private app token is sent the same way as an OAuth access token: in the Authorization header as a Bearer token. HubSpot doesn’t have a separate “private-app” auth header for this endpoint, which is why your --header 'private-app: <token>' request comes back as “credentials not found.” The working example in the current v4 endpoint docs also shows Authorization: Bearer <token> (https://developers.hubspot.com/docs/api-reference/marketing-single-send-v4/single-send/post-marketing-v4-email-single-send )

So the “OAuth required” error message is a bit misleading here. It’s really saying “I didn’t find valid auth in the place I expect it.” Private app tokens are “static auth” tokens, but they still ride in the Bearer header, same as OAuth. HubSpot’s authentication overview spells out that both auth types exist, but the transport is still standard Authorization headers (https://developers.hubspot.com/docs/apps/developer-platform/build-apps/authentication/overview )

Two quick checks to avoid another rabbit hole:
Make sure the private app has the right scope for Single Send (marketing email scope), and make sure you’re hitting api.hubapi.com with the Bearer header exactly (capitalization matters for Authorization in some HTTP clients). If you share the exact curl you used once it worked (with the token redacted), I can sanity-check the remaining fields too, especially around the message.to vs contact creation behavior.