User Provisioning

This doc describes the process for managing users using the public users API. See our endpoints tab for detailed descriptions of all the available endpoints.

This API can be used to manage the users on an account and manage the permission sets of those users.

When specifying a user with the userId path parameter, you can either use the user's id or the user's email. Specifying based on the user's id is the default behavior but if you want to use the user's email, you can use the query parameter idProperty to set that.

The following GET request is fetching a user with the email myUser@gmail.com:

https://api.hubspot.com/settings/v3/users/myUser@gmail.com?idProperty=EMAIL

You can set the idProperty query param in any endpoint that takes in userId as a path param

HubSpot accounts can define permission sets to easily manage multiple users' permissions at once. Once you've created a role and specified certain permissions for it, you can then assign new and existing users the role to grant them the same permissions. Permission sets that have paid seats attached to them can only be modified by applications that have the billing-write scope.

The following is an example of a role definition:

{
"id": "1234"
"name": "my cool role"
"requiresBillingWrite": false
}

Note that permission sets must be created in the app before attempting to assign them to users.

In order to use the User Provisioning API you must use OAuth 2.0 or your app's access token, if you're creating a private app.