Make a GET call api with authorization in Custom Code Action

splancon · ‎Oct 22, 2025

Hello,

I try to get data from External api in a custom action in workflow. The external API need authorization header, but it seems that header Authorization not used by axios.

Here is my code.

const axios = require('axios')
  
exports.main = async (event, callback) => {
  const apiUrl = 'http://www.cloud.lims.fr/lims/webservices/clients/FakeId';
  const email = event.inputFields['email'];
  
  const headers = {
    'Authorization': "Basic "+Buffer.from(process.env.limseo_test_auth).toString("base64"),
    'Content-Type': 'application/json'
  };
  console.log(headers);
 
  axios.get(
    apiUrl,
    { 'headers': headers }
  )
  .then(response => {
    console.log(response.data);
  }).catch(function (error) {
        if (error.response) {
          // Request made and server responded
          console.log(error.response.data);
          console.log(error.response.status);
          console.log(error.response.headers);
        } else if (error.request) {
          // The request was made but no response was received
          console.log(error.request);
        } else {
          // Something happened in setting up the request that triggered an Error
          console.log('Error', error.message);
        }
    });

  callback({
    outputFields: {
      email: email
    }
  });
}

The code seems good, I tried it directly in an index.js on my local machine and I get expected response and if I a try with a wrong basic authorization I get Non authorized response.

In Hubspot, my call is redirect to the login page of the external app like if the authorization is missing.

Does anyone have any idea about this problem?

Thanks in advance for your reponses.

nickdeckerdevs1 · ‎Oct 23, 2025

When you console log the headers - do they match 100% between local and hubspot environments?

If they do I'd look at the api you are connecting to to see if there is a domain or url white list that you need to set up.
if not:

id guess it might be your secret not set or activated in the custom code

Moderator note: While this might not be the solution to the original poster's question, it might be helpful for other Community Members.

View solution in original post

Humashankar · ‎Oct 23, 2025

Hi @splancon

The screenshot you attached clearly shows that the Authorization header sent in both the local Node.js environment and the HubSpot Custom Code Action is identical, so the header formatting or value itself is not the source of the issue.

Given that:

The problem does not seem to be related to the header's value, domain whitelisting, or the API endpoint, since when you use Python (instead of Node.js/axios) in HubSpot custom code, the external API call succeeds and authorization works as expected.

Just to bottomline,

Given your setup works fine in Python custom code, you may be encountering a HubSpot-specific restriction or bug with Node.js/axios requests involving the Authorization header. If the above suggestions do not resolve it, consider switching to Python for your workflow's custom action (if that is an option), as that approach has a proven track record in HubSpot custom workflow actions for authenticated external API calls.

If you need to persist with Node.js, open a ticket with HubSpot developer support referencing your findings - identical headers, API behavior change only in Node.js, and Python bypasses the issue. Attach your logs and request details, they may need to whitelist Node.js authorization behavior or provide guidance for your Operations Hub environment.

To lear more on the Custom Code Action in HubSpot,

HubSpot Community - Re: How to Add an Authorization Header to Custom Workflow Actions? - HubSpot Com...

Hope this helps - Happy to help further!!
Thank you very much and have a great one!
Warm regards

Humashankar VJ
HubSpot Enthusiast and Key Advisor | Engineering Manager

View solution in original post

nickdeckerdevs1 · ‎Oct 23, 2025

When you console log the headers - do they match 100% between local and hubspot environments?

If they do I'd look at the api you are connecting to to see if there is a domain or url white list that you need to set up.
if not:

id guess it might be your secret not set or activated in the custom code

Moderator note: While this might not be the solution to the original poster's question, it might be helpful for other Community Members.

splancon · ‎Oct 23, 2025

The authorization headers is strickly identical between local and hubspot environments. I atteched a screenshot to show them, the end of the authorization header is truncated about securtiy but each as the same value.

It's not about a white list on domain or URL, because in Hubspot it's works perfectly if I use Pyhton to make my custom code.

BérangèreL · ‎Oct 23, 2025

Hi @splancon and welcome, we are so glad to have you here!

Thanks for reaching out to the HubSpot Community!

To start with, I'd like to share resources that might help you:

- Authentication overview
- HubSpot APIs | Authentication methods on HubSpot
- Use webhooks with HubSpot workflows

Now, let's consult our Top Experts: Hi @HubDoPete, @nickdeckerdevs1 and @Humashankar do you have suggestions to help @splancon, please?

Have a great day and thanks so much!
Bérangère

Loop Marketing is a new four-stage approach that combines AI efficiency and human authenticity to drive growth.

Learn More

Humashankar · ‎Oct 23, 2025

Hi @splancon

The screenshot you attached clearly shows that the Authorization header sent in both the local Node.js environment and the HubSpot Custom Code Action is identical, so the header formatting or value itself is not the source of the issue.

Given that:

The problem does not seem to be related to the header's value, domain whitelisting, or the API endpoint, since when you use Python (instead of Node.js/axios) in HubSpot custom code, the external API call succeeds and authorization works as expected.

Just to bottomline,

Given your setup works fine in Python custom code, you may be encountering a HubSpot-specific restriction or bug with Node.js/axios requests involving the Authorization header. If the above suggestions do not resolve it, consider switching to Python for your workflow's custom action (if that is an option), as that approach has a proven track record in HubSpot custom workflow actions for authenticated external API calls.

If you need to persist with Node.js, open a ticket with HubSpot developer support referencing your findings - identical headers, API behavior change only in Node.js, and Python bypasses the issue. Attach your logs and request details, they may need to whitelist Node.js authorization behavior or provide guidance for your Operations Hub environment.

To lear more on the Custom Code Action in HubSpot,

HubSpot Community - Re: How to Add an Authorization Header to Custom Workflow Actions? - HubSpot Com...

Hope this helps - Happy to help further!!
Thank you very much and have a great one!
Warm regards

Humashankar VJ
HubSpot Enthusiast and Key Advisor | Engineering Manager

Make a GET call api with authorization in Custom Code Action

Sign up for the RevOps with HubSpot Newsletter