Single-Send API Via Private App

SenojLuap · ‎Dec 8, 2025

I'm currently trying to integrate with our Jira instance to automate the sending of emails from HubSpot. To do this, I'm using the Single Send API and a private/legacy app.

The problem I'm encountering is that when I attempt to use the single-send endpoint with a private app, I get a response stating that the endpoint requires OAuth authentication. The api documentation here suggests that I should be able to authenticate with either OAuth or the private applications key.

Which one is incorrect? Having to go through OAuth would be a real pain in the butt for this use-case.

SteveHTM · ‎Dec 8, 2025

@SenojLuap - an additional question here. Can you confirm that you are creating the headers for this API request in exactly the same way that you are for other API requests (which presumably succeed at least with respect to authentication). I have had error messsages in the past that state Oauth is required, but I found this was simply a case of a header programming error.

Hope this is helpful.

Steve

Steve Christian

HTM Solutions

https://info.htmsolutions.biz/meetings/stevec2

+1 6195183009

stevec@htmsolutions.biz

www.htmsolutions.biz

San Diego, CA

Create Your Own Free Signature

View solution in original post

SteveHTM · ‎Dec 10, 2025

I agree, this looks to be the root of the problem,

Steve

Steve Christian

HTM Solutions

https://info.htmsolutions.biz/meetings/stevec2

+1 6195183009

stevec@htmsolutions.biz

www.htmsolutions.biz

San Diego, CA

Create Your Own Free Signature

View solution in original post

RubenBurdin · a month ago

Hi @SenojLuap , you’re not crazy, your test is telling you the truth. For the Single Send v4 endpoint, a private app token is sent the same way as an OAuth access token: in the Authorization header as a Bearer token. HubSpot doesn’t have a separate “private-app” auth header for this endpoint, which is why your --header 'private-app: <token>' request comes back as “credentials not found.” The working example in the current v4 endpoint docs also shows Authorization: Bearer <token> (https://developers.hubspot.com/docs/api-reference/marketing-single-send-v4/single-send/post-marketin... )

So the “OAuth required” error message is a bit misleading here. It’s really saying “I didn’t find valid auth in the place I expect it.” Private app tokens are “static auth” tokens, but they still ride in the Bearer header, same as OAuth. HubSpot’s authentication overview spells out that both auth types exist, but the transport is still standard Authorization headers (https://developers.hubspot.com/docs/apps/developer-platform/build-apps/authentication/overview )

Two quick checks to avoid another rabbit hole:
Make sure the private app has the right scope for Single Send (marketing email scope), and make sure you’re hitting api.hubapi.com with the Bearer header exactly (capitalization matters for Authorization in some HTTP clients). If you share the exact curl you used once it worked (with the token redacted), I can sanity-check the remaining fields too, especially around the message.to vs contact creation behavior.

Did my answer help? Please mark it as a solution to help others find it too.

	Ruben Burdin HubSpot Advisor Founder @ Stacksync Real-Time Data Sync between any CRM and Database

View solution in original post

RubenBurdin · a month ago

Hi @SenojLuap , you’re not crazy, your test is telling you the truth. For the Single Send v4 endpoint, a private app token is sent the same way as an OAuth access token: in the Authorization header as a Bearer token. HubSpot doesn’t have a separate “private-app” auth header for this endpoint, which is why your --header 'private-app: <token>' request comes back as “credentials not found.” The working example in the current v4 endpoint docs also shows Authorization: Bearer <token> (https://developers.hubspot.com/docs/api-reference/marketing-single-send-v4/single-send/post-marketin... )

So the “OAuth required” error message is a bit misleading here. It’s really saying “I didn’t find valid auth in the place I expect it.” Private app tokens are “static auth” tokens, but they still ride in the Bearer header, same as OAuth. HubSpot’s authentication overview spells out that both auth types exist, but the transport is still standard Authorization headers (https://developers.hubspot.com/docs/apps/developer-platform/build-apps/authentication/overview )

Two quick checks to avoid another rabbit hole:
Make sure the private app has the right scope for Single Send (marketing email scope), and make sure you’re hitting api.hubapi.com with the Bearer header exactly (capitalization matters for Authorization in some HTTP clients). If you share the exact curl you used once it worked (with the token redacted), I can sanity-check the remaining fields too, especially around the message.to vs contact creation behavior.

Did my answer help? Please mark it as a solution to help others find it too.

	Ruben Burdin HubSpot Advisor Founder @ Stacksync Real-Time Data Sync between any CRM and Database

SamTassey · ‎Dec 10, 2025

Hi @SenojLuap,

Thank you for sharing your update and the resolution. Your feedback helps the community and others facing similar issues!

Looking into the V4 request that you've shared above, the only thing that sticks out to me is the the Headers there. As seen in our Dev Docs here it appears to be using a 'Authorization: Bearer <token>' in the first header. Is this something that you're able to attempt?

curl --request POST \
--url https://api.hubapi.com/marketing/v4/email/single-send \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '

I'd like to tag in a few of our experts to see if they have any tips and tricks on this @SteveHTM, @RubenBurdin, @TomM2

Do you have any suggestions for @SenojLuap?

Thank you!

Sam, Community Manager

SteveHTM · ‎Dec 10, 2025

I agree, this looks to be the root of the problem,

Steve

Steve Christian

HTM Solutions

https://info.htmsolutions.biz/meetings/stevec2

+1 6195183009

stevec@htmsolutions.biz

www.htmsolutions.biz

San Diego, CA

Create Your Own Free Signature

SteveHTM · ‎Dec 8, 2025

@SenojLuap - an additional question here. Can you confirm that you are creating the headers for this API request in exactly the same way that you are for other API requests (which presumably succeed at least with respect to authentication). I have had error messsages in the past that state Oauth is required, but I found this was simply a case of a header programming error.

Hope this is helpful.

Steve

Steve Christian

HTM Solutions

https://info.htmsolutions.biz/meetings/stevec2

+1 6195183009

stevec@htmsolutions.biz

www.htmsolutions.biz

San Diego, CA

Create Your Own Free Signature

SenojLuap · ‎Dec 11, 2025

OK, I re-tested with your suggestion. The documentation (https://developers.hubspot.com/docs/api-reference/marketing-single-send-v4/single-send/post-marketin...) explains that you should use the 'private-apps' header. However, using the 'Autorization: Bearer' header as you suggested, the API does respond correctly.

So it sounds like the problem here is with the documentation.

SamTassey · ‎Dec 8, 2025

Hi @SenojLuap,

Welcome to the Community!

I see that you're looking to use the Single Send API. In case our peers may need some more details to point you in the right direction, would you mind including the response that you're receiving, along with the request you're using as well?

In the meantime, I'm going to loop in a few of our experts here: @RubenBurdin, @GRajput, @evaldas, @SteveHTM.

Do you have any suggestions for @SenojLuap?

Thank you!

Sam, Community Manager

SenojLuap · ‎Dec 8, 2025

I've been using Curl for testing:

curl --request POST \
 --url https://api.hubapi.com/marketing/v4/email/single-send \
 --header 'Content-Type: application/json' \
 --header 'private-app: <redacted>' \
 --data '
{
 "emailId": <redacted>,
 "message": {
   "to": "<redacted>",
 },
 "contactProperties": {},
 "customProperties": {
   "issueKey": "DEV-18232",
   "reason": "timeout"
 }
}
'

And I get the response:

{"status":"error","message":"Authentication credentials not found. This API supports OAuth 2.0 authentication and you can find more details at https://developers.hubspot.com/docs/methods/auth/oauth-overview","correlationId":"<redacted>","category":"INVALID_AUTHENTICATION"}

I haven't used any other 'v4' APIs, so I can't compare my results to theirs. This curl request was actually copied from the documentation and updated with my information.

However, since I've made this post I have switched to using a 'v3' api (/marketing/v3/transactional/single-email/send) and used the 'Bearer' authorization. That has worked. So technically I'm not blocked anymore, but I'd still like to know what's up with the v4 API since that seems to be the more appropriate one.

Single-Send API Via Private App

Steve Christian

Steve Christian

Steve Christian

Steve Christian

Sign up for the Developer Newsletter