Skip to main content

Run in Postman

 You can use this API to check which users have access to specific CRM records in a HubSpot account. Response data will include a list of user IDs that correspond to the users in that account, along with the granular permissions that those users have been granted for the CRM record you provided (e.g., users who can edit or communicate with a given contact).

HCRN format

The public permissions API uses the HCRN format for querying and displaying permissions based on the HubSpot account, CRM record type, and CRM record ID you’re requesting. This format always begins with hcrn:, followed by the associated IDs you’re looking to query for: 
hcrn:{accountId}:{resourceType}:{resourceTypeId}:{resourceId}
IDDescription
accountIdThe ID of the HubSpot account you want to query permission data from.
resourceTypeThe category of resource you want to query permissions for. The only value currently supported is crm-object.
resourceTypeIdThe identifier for this resource type, e.g., an object type ID. You can find a full list of object type IDs here.
resourceIdThe ID of the specific instance of this resource (e.g., the ID of a specific contact).
Please note:You can only currently query for permission to access contacts, companies, deals, and tickets.
Learn how to use the HCRN format to query for user permissions in the section below.

Get user permissions for CRM records

There are two endpoints available for retrieving user permission data for CRM records: unpaginated and paginated.

Retrieving user permission data without pagination

To get unpaginated user permissions for CRM record data in a HubSpot account, make a GET request to /resource-permissions/v3/permitted-users?resource={hrcn}, where the hcrn matches the IDs and types you want to retrieve permission data for. For example, if your HubSpot account ID was 123456 and you wanted to get user permissions for access to a contact with an ID of 64151, you’d make a GET request to /resource-permissions/v3/permitted-users?resource=hcrn:2086383:crm-object:0-1. The results would resemble the following: 
{
  "resources": {
    "hcrn:123456:crm-object:0-1:64151": {
      "crm-object:COMMUNICATE": {
        "action": "crm-object:COMMUNICATE",
        "permittedUsers": [
          2620022,
          2805887,
          2859646
        ]
      },
      "crm-object:EDIT": {
        "action": "crm-object:EDIT",
        "permittedUsers": [
          2620022,
          2805887
        ]
      },
      "crm-object:VIEW": {
        "action": "crm-object:VIEW",
        "permittedUsers": [
          2620022,
          2805887,
          2859646,
          4511561,
          4833320,
          5158531,
          9586504
        ]
      },
      "crm-object:DELETE": {
        "action": "crm-object:DELETE",
        "permittedUsers": [
          2620022
        ]
      }
    }
  }
}

Retrieving user permission data with pagination

You can also retrieve user permission data for CRM records using a separate endpoint that supports pagination. To get paginated user permission data, make a GET request to /resource-permissions/v3/permitted-users/paged?resource={hcrn}. You can then include two additional query parameters in your request:
  • after: return results following the key provided (e.g., ?after=ODk5OTQyODU0 would return the next page of results, using the previous "after": "ODk5OTQyODU0" property returned within the paging.next field in a prior response).
  • limit: limit the results in the response, up to a maximum of 1000.
For example, to retrieve the next 100 entries when the previous response included an after value of MjYyMDAyMg%3D%3D, and the hcrn you were querying was hcrn:2086383:crm-object:0-1, you’d make a GET request to /resource-permissions/v3/permitted-users?resource=hcrn:2086383:crm-object:0-1&after=MjYyMDAyMg%3D%3D&limit=100. The results would resemble the following: 
{
  "results": [
    {
      "resource": "hcrn:123456:crm-object:0-1:64151",
      "actionPermittedUsers": {
        "crm-object:COMMUNICATE": {
          "action": "crm-object:COMMUNICATE",
          "permittedUsers": [
            899942852,
            899942854,
            899942848,
            899942850,
            899942844
          ]
        }
      },
      "createdAt": 1760112066122,
      "updatedAt": 1760112066122
    },
    {
      "resource": "hcrn:123456:crm-object:0-1:64151",
      "actionPermittedUsers": {
        "crm-object:VIEW": {
          "action": "crm-object:VIEW",
          "permittedUsers": [
            899942852,
            899942854,
            899942848,
            899942850,
            899942844
          ]
        }
      },
      "createdAt": 1760112066122,
      "updatedAt": 1760112066122
    }
  ],
  "paging": {
    "next": {
      "after": "ODk5OTQyODU0",
      "link": "https://private.hubapi.com/resource-permissions/v3/permitted-users/paged?resource=hcrn%3A123456%3Acrm-object%3A0-1%3A1451&portalId=123456&limit=5&after=ODk5OTQyODU0"
    }
  }
}
Last modified on December 10, 2025