Last modified: September 12, 2025

Run in Postman

 You can use this API to check which users have access to specific CRM records in a HubSpot account. Response data will include a list of user IDs that correspond to the users in that account, along with the granular permissions that those users have been granted for the CRM record you provided (e.g., users who can edit or communicate with a given contact).

HCRN format

The public permissions API uses the HCRN format for querying and displaying permissions based on the HubSpot account, CRM record type, and CRM record ID you’re requesting. This format always begins with hcrn:, followed by the associated IDs you’re looking to query for: 
hcrn:{accountId}:{resourceType}:{resourceTypeId}:{resourceId}
IDDescription
accountIdThe ID of the HubSpot account you want to query permission data from.
resourceTypeThe category of resource you want to query permissions for. The only value currently supported is crm-object.
resourceTypeIdThe identifier for this resource type, e.g., an object type ID. You can find a full list of object type IDs here.
resourceIdThe ID of the specific instance of this resource (e.g., the ID of a specific contact).
Please note:You can only currently query for permission to access contacts, companies, deals, and tickets.
Learn how to use the HCRN format to query for user permissions in the section below.

Get user permissions for CRM records

To get user permissions for CRM record data in a HubSpot account, make a GET request to /resource-permissions/v3/permitted-users?resource={hrcn}, where the hcrn matches the IDs and types you want to retrieve permission data for. For example, if your HubSpot account ID was 123456 and you wanted to get user permissions for access to a contact with an ID of 64151, you’d make a GET request to /resource-permissions/v3/permitted-users?resource=hcrn:2086383:crm-object:0-1 The results would resemble the following: 
{
  "resources": {
    "hcrn:123456:crm-object:0-1:64151": {
      "crm-object:COMMUNICATE": {
        "action": "crm-object:COMMUNICATE",
        "permittedUsers": [2620022, 2805887, 2859646]
      },
      "crm-object:EDIT": {
        "action": "crm-object:EDIT",
        "permittedUsers": [2620022, 2805887]
      },
      "crm-object:VIEW": {
        "action": "crm-object:VIEW",
        "permittedUsers": [
          2620022, 2805887, 2859646, 4511561, 4833320, 5158531, 9586504
        ]
      },
      "crm-object:DELETE": {
        "action": "crm-object:DELETE",
        "permittedUsers": [2620022]
      }
    }
  }
}