HubSpot MCP
Provides tools for managing the entire HubSpot account, including CRM (contacts, companies, deals, tickets), CMS (pages, posts, HubDB, source code), Marketing (emails, campaigns, forms, sequences), Automation (workflows), Conversations, Commerce (invoices, orders, payments), Files, Settings, Webhooks, and more. Includes hub & plan awareness, rate limiting, retries, and safety categories.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@HubSpot MCPlist my contacts in HubSpot"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
ohneben's HubSpot MCP
The most complete HubSpot MCP server there is. Run your entire HubSpot account in plain language from Claude, Cursor, or any other MCP client.
This Model Context Protocol server exposes the whole public HubSpot API β 1,076 endpoint tools across 102 APIs β CRM, CMS, Marketing, Automation, Conversations, Commerce, Files, Settings, Webhooks and more, generated straight from HubSpot's own OpenAPI definitions. Every tool is safety-categorized (π’ read-only / π‘ write / π΄ destructive) and β unique to this server β hub & plan aware: HubSpot publishes which hub and tier every API needs (Free / Starter / Professional / Enterprise), and this server carries that straight into each tool plus a live capability report for your portal. It runs over stdio (Claude Desktop and other local launchers) or Streamable HTTP (hosted in Docker), and ships with retries, client-side rate limiting tuned to HubSpot's burst caps, and request timeouts so it holds up against a live account.
Why you'll want this
Some MCP servers just forward a slice of the API. This one is built to be safe to hand to an LLM, complete, and easy to run for real:
What you get | Why it matters |
1,076 tools β the whole public API | Contacts, companies, deals, tickets, every engagement type, associations v4, properties, pipelines, lists, imports/exports, marketing emails & events, campaigns, forms, transactional email, sequences, workflows/actions, conversations & custom channels, CMS pages/posts/HubDB/source code, files, commerce (invoices, orders, carts, payments, subscriptions), settings, webhooks β nothing hand-picked or left behind. Most servers stop at ~30 CRM tools. |
Hub & plan awareness (nobody else has this) | HubSpot gates APIs by hub and tier β HubDB needs Content/Marketing Hub Professional, custom-object schemas need Enterprise, sequences need Sales/Service Professional. Every tool states its requirement, straight from HubSpot's own API index. |
| One call reports your portal, your token's granted scopes, today's API usage vs. the daily cap, and β per tool group β how many endpoints your token actually unlocks, with the scopes needed to unlock the rest. Optional live probes verify access end-to-end. No more walls of mystery 403s. |
Curated safety categories π’ / π‘ / π΄ | Not naive "GET = safe": a |
Machine-readable MCP annotations ( | Hosts that honor annotations (Claude included) can auto-trust reads and demand confirmation before anything destructive. |
Actionable error hints | 403 with |
Read-only mode & group filtering | Expose only the 443 π’ read-only tools ( |
Discovery mode |
|
Real file uploads | The multipart endpoints (Files, CRM imports, HubDB import, CMS source code) actually work β pass file content inline or as base64. Most generated servers can't do multipart at all. |
Automatic retries with backoff | Transient |
Built-in rate limiting | Self-throttles under HubSpot's burst caps (default 100 req / 10 s) with a separate limiter for the |
Response-size guard | Optionally cap huge list responses ( |
CRM GraphQL passthrough | HubSpot's GraphQL endpoint is query-only, so it's a π’ tool here β fetch a contact, its company and that company's deals in one round-trip. |
Raw-request escape hatch |
|
Two transports: stdio and Streamable HTTP | Use it locally in Claude Desktop, or run one always-on server that any number of MCP clients reach over HTTP. |
Docker + docker-compose, health check, auto-restart | Production-style deployment out of the box: |
Optional bearer-token auth on the HTTP endpoint | Put the server behind a shared secret the moment it's reachable beyond localhost. |
Your token never reaches the model | The access token lives in the server's environment and is injected on every request β the assistant only ever sees tool inputs and API responses. |
Drop-in spec updates |
|
Related MCP server: HubSpot MCP
How it compares
There are a few ways to reach HubSpot from an AI assistant today. Here's how this server stacks up against the alternatives:
This server | Official HubSpot MCP | shinzo-labs |
| CData MCP | |
Approx. tools | ~1,079 | ~7 curated (remote) | 100+ | ~7 | 3 (generic SQL) |
Whole public API (CRM and CMS Β· Marketing Β· Automation Β· Commerce Β· Files Β· Settings Β· Webhooks) | β | β CRM + some content reads | β CRM-centric | β | β |
Hub & plan-tier awareness per tool | β | β | β | β | β |
Account capability report (scopes Β· usage Β· unlocks) | β | β | β | β | β |
Reads and writes | β | β | β | β partial | β read-only |
Curated π’ / π‘ / π΄ safety categories | β | β | β | β | n/a |
| β | β | β | β | β |
Read-only mode + group filtering | β | β | β | β | always read-only |
File uploads (multipart) | β | β | β | β | β |
GraphQL passthrough | β | β | β | β | β |
Rate limiting + auto-retry ( | β | β | β | β | β |
| β | β local package | β | β | β |
Streamable-HTTP transport | β | β hosted remote | β | β | β |
Docker + compose + health check | β | β | β Dockerfile | β image only | β |
Self-hosted on your own infra | β | β vendor cloud | β | β | β |
Language | TypeScript | TypeScript | TypeScript | Python | Java |
License | MIT | β | MIT | MIT | MIT |
β = yes Β· β = partial / not documented Β· β = no. Compiled from each project's public documentation; this is an unofficial project, not affiliated with HubSpot or the projects listed. Tool counts are approximate and move as APIs evolve.
The short version: the official remote server is a great managed on-ramp but covers a handful of curated tools. The community servers are solid but CRM-centric, without plan awareness or safety guardrails. This one gives you the entire public API, hub/plan awareness no one else has, both transports, a production Docker deployment, and curated safety categories β self-hosted, on your token, MIT.
What you can do
Once it's connected, ask your assistant things like:
"Find jane@example.com, show her company, open deals and the last emails we exchanged."
"Create a $12,000 deal 'Acme expansion' in the Sales pipeline, stage Qualified, associated with Acme Corp."
"Search contacts created this month with lifecycle stage MQL and add them to the 'Q3 nurture' list."
"Which HubDB tables exist? Add a row to 'pricing' and publish the table."
"Clone last month's newsletter as a draft β don't publish."
"Upload this CSV and start a contact import mapped to email + first name."
"What can my token do? Check my API usage and which scopes are missing for HubDB." (β
hubspot_get_capabilities)"Merge these two duplicate contacts β after showing me both records first."
Tools are generated automatically from HubSpot's specs and grouped into π’ read-only, π‘ write and π΄ destructive β so a well-behaved host can treat each group differently.
How it works
Claude / Cursor / any MCP client ββMCPβββΊ this server ββHTTPSβββΊ api.hubapi.com (your portal)The server parses 104 bundled OpenAPI definitions (fetched from HubSpot's public
API index, which also publishes per-API hub/tier requirements) into MCP
tools β resolving $refs, guarding against recursive schemas, deriving clean
names like contacts_search and hubdb_tables_create_table, and tagging each
tool with a curated safety category, its plan requirement and its OAuth scopes.
Your access token is injected server-side on every request; the model never
sees or handles it.
Hub & plan awareness
HubSpot isn't one API β what you can call depends on which hubs (Marketing, Sales, Service, Content, Commerce, Operations) and which tier (Free, Starter, Professional, Enterprise) the portal has, plus the scopes granted to your token. This server is built around that reality:
Every tool description carries the requirement, from HubSpot's own index:
π’ READ-ONLY Β· Hubdb (CMS) Β· GET /cms/v3/hubdb/tables β¦ Plan: Professional tier of Marketing Hub / Content Hub. Scopes: hubdb.hubspot_get_capabilitiesreports, for your portal and token: account details, granted scopes, today's API usage vs. the daily cap, and per tool group how many endpoints are unlocked ("unlockedByScopes": "13/16"), what would unlock the rest, plan requirements and beta status. Passprobe_groups: ["hubdb"]to live-verify with one cheap read per group β plan gates often only surface as 403s, and this catches them up front.403s come back with the fix: missing scope β the exact scope name and where to grant it; plan-gated API β the tier HubSpot requires.
Requirements
A HubSpot account and a private app access token (or an OAuth access token) β see Get your API credentials.
Docker (Docker Desktop on macOS/Windows) for the quick start below β or Node.js β₯ 18 to run from source.
Quick start (Docker)
1. Add your credentials. Copy the example config and fill it in:
cp .env.example .env
# edit .env β set HUBSPOT_ACCESS_TOKEN
# β set MCP_SHARED_TOKEN to a long random string if reachable beyond localhost2. Start the server:
docker compose up -d --buildThe bundled docker-compose.yml binds to 127.0.0.1:8765 only, so the server is
reachable from your machine but not the network.
3. Confirm it's running:
curl -s http://localhost:8765/health
# β {"status":"ok","server":"hubspot-mcp","tools":1079,"endpoints":1076,"mode":"all"}4. Connect your MCP client. The MCP endpoint is http://localhost:8765/mcp.
Claude Desktop β add a custom connector (Settings β Connectors) pointing at the URL, or bridge it locally with
mcp-remote. Add this undermcpServersin your config, then fully quit and reopen the app:{ "mcpServers": { "hubspot": { "command": "npx", "args": [ "mcp-remote", "http://localhost:8765/mcp", "--header", "Authorization: Bearer YOUR_MCP_SHARED_TOKEN" ] } } }(Drop the
--headerline if you leftMCP_SHARED_TOKENempty.)Claude Code β one command:
claude mcp add --transport http hubspot http://localhost:8765/mcpClaude Cowork β shares Claude Code's MCP config, so the command above makes the tools available there too.
Tip: 1,000+ tools is a lot for some clients. Trim the surface with
HUBSPOT_INCLUDE_GROUPS(e.g.contacts,companies,deals,tickets,lists), or setHUBSPOT_TOOL_MODE=discoveryto get the same coverage through 3 meta-tools β see Context footprint for measured numbers per configuration.
Prefer a prebuilt image?
Every push to main publishes a ready-to-run image to the GitHub Container
Registry, so you can skip the local build entirely:
docker run -d --name hubspot-mcp -p 127.0.0.1:8765:8765 --env-file .env \
ghcr.io/ohneben/hubspot-mcp:latestGet your API credentials
The recommended way is a private app token:
In HubSpot, open Settings β Integrations β Private Apps and click Create private app.
On the Scopes tab, tick what you want the assistant to reach. Scopes map 1:1 to tool groups β grant read scopes (
crm.objects.contacts.read, β¦) for a reporting setup, add write scopes only where you want changes. You can change scopes later; the capability report shows what's missing for any group.Create the app and copy the access token (
pat-β¦) βHUBSPOT_ACCESS_TOKENin.env.
Notes:
OAuth access tokens work too (for apps you've built) β but they expire after ~30 minutes and this server does not refresh them; private-app tokens are the right fit for a long-running server.
The token determines the portal β no portal ID needed.
EU data residency: if your portal lives in HubSpot's EU data center, set
HUBSPOT_BASE_URL=https://api-eu1.hubapi.com.
Configuration
Everything is set in .env (copied from .env.example):
Variable | Required | Default | Description |
| β | β | Private-app token ( |
| β |
| Use |
| β |
|
|
| β |
| HTTP listen port |
| β |
| HTTP bind address |
| β |
| HTTP MCP route |
| β | (off) | Require |
| β |
| Client-side requests per window ( |
| β |
| Rate-limit window in ms (default: 100 req / 10 s) |
| β |
| Extra throttle for |
| β |
| Search throttle window (default: 4 req / 1 s) |
| β |
| Retries on |
| β |
| Per-attempt request timeout |
| β |
| Expose only π’ read-only tools |
| β | (all) | Only expose these groups β keys like |
| β | (none) | Hide these groups (same syntax) |
| β |
| Include beta / developer-preview APIs |
| β |
|
|
| β |
| Expose the CRM GraphQL query tool |
| β | (derived) | Override the GraphQL endpoint |
| β |
| Expose the raw-request escape hatch (auto-hidden in read-only mode) |
| β |
| Truncate responses longer than N chars ( |
| β | (bundled) | Load OpenAPI files + catalog.json from a different directory |
After changing .env, reload with docker compose up -d --force-recreate.
Run npm run list-tools (no credentials needed) to print the full catalog, the
per-category counts, and every group key you can filter on β add --names to
list all 1,076 tool names.
Tool safety categories
Each tool's description starts with one of these banners and carries the matching MCP annotations:
Banner | Count |
|
| Meaning |
π’ READ-ONLY | 348 |
|
|
|
π’ READ-ONLY Β· query | 95 |
|
| A |
π‘ WRITE Β· creates data | 245 |
|
| Creates records (not idempotent; may duplicate). |
π‘ WRITE Β· creates or updates | 36 |
|
| Idempotent upserts (batch upsert, marketing-event upsert). |
π‘ WRITE Β· updates data | 168 |
|
| Modifies records/settings in place. |
π‘ WRITE Β· links records | 19 |
|
| Associates records (list memberships, v4 associations). Reversible. |
π‘ WRITE Β· unlinks records | 12 |
|
| Removes associations. Reversible β records survive. |
π‘ WRITE Β· sends messages | 4 |
|
| Marketing/transactional email, sequence enrollment, conversation replies. |
π‘ WRITE Β· bulk import | 1 |
|
|
|
π΄ DESTRUCTIVE Β· deletes data | 96 |
|
| Deletes/archives a record (CRM archives are restorable ~90 days). |
π΄ DESTRUCTIVE Β· bulk delete | 42 |
|
| Batch archive β many records in one call. |
π΄ DESTRUCTIVE Β· merges records | 7 |
|
| HubSpot cannot un-merge. Confirm both IDs first. |
π΄ DESTRUCTIVE Β· permanent GDPR purge | 3 |
|
| Skips the recycle bin; gone forever. |
That's 443 read-only Β· 485 write Β· 148 destructive = 1,076 endpoint tools,
plus the three power tools below. Hosts that respect annotations (Claude
included) can require confirmation for destructiveHint tools and trust
readOnlyHint tools automatically. Prefer to lock it down further? Set
HUBSPOT_READ_ONLY=true to expose only the 443 read-only tools (plus the π’
capability and GraphQL tools).
Area | APIs | π’ Read | π‘ Write | π΄ Delete | Tools |
CRM | 58 | 216 | 245 | 92 | 553 |
CMS | 13 | 74 | 123 | 22 | 219 |
Marketing | 7 | 42 | 46 | 11 | 99 |
Conversations | 3 | 18 | 11 | 3 | 32 |
Automation | 3 | 17 | 10 | 4 | 31 |
Webhooks Journal | 1 | 20 | 3 | 3 | 26 |
Settings | 3 | 14 | 9 | 1 | 24 |
Files | 1 | 10 | 7 | 4 | 21 |
Communication Preferences | 1 | 6 | 8 | 0 | 14 |
Events | 3 | 4 | 7 | 2 | 13 |
Webhooks | 1 | 3 | 4 | 2 | 9 |
Data Studio | 1 | 1 | 6 | 1 | 8 |
Auth (OAuth) | 1 | 3 | 2 | 2 | 7 |
Account | 2 | 5 | 0 | 0 | 5 |
Commerce | 1 | 2 | 2 | 1 | 5 |
Scheduler | 1 | 3 | 2 | 0 | 5 |
Meta | 1 | 4 | 0 | 0 | 4 |
Business Units | 1 | 1 | 0 | 0 | 1 |
Total | 102 | 443 | 485 | 148 | 1,076 |
Context footprint
What does 1,000+ tools cost in model context? Measured on the bundled specs
(tools/list JSON payload; tokens β chars Γ· 3.6):
Configuration | Tools | Payload | β Tokens |
Full (default) | 1,079 | 2.20 MB | ~612k |
Read-only mode | 445 | 0.61 MB | ~169k |
CRM core presetΒΉ | 176 | 0.29 MB | ~81k |
CRM core presetΒΉ + read-only | 65 | 0.10 MB | ~28k |
Discovery mode | 6 | 0.01 MB | ~2k |
ΒΉ HUBSPOT_INCLUDE_GROUPS=contacts,companies,deals,tickets,lists,properties,associations,pipelines,crm-owners,notes,tasks,calls,emails,meetings
How to read that:
Clients with tool search / deferred loading (Claude Code, claude.ai connectors) don't pay the upfront cost β tool definitions load on demand, so full mode is fine and only the tools actually used land in context.
Clients that inject every tool definition upfront should pick a lever:
HUBSPOT_TOOL_MODE=discovery(~2k tokens, zero coverage lost β all 1,076 endpoints stay callable through search β inspect β invoke), aHUBSPOT_INCLUDE_GROUPSpreset, and/orHUBSPOT_READ_ONLY=true.Responses consume context too. Cap outliers with
HUBSPOT_MAX_RESPONSE_CHARS(e.g.40000) and request only thepropertiesyou need on CRM reads.Oversized inline schemas are already handled: the four pathological recursive schemas (list filters, workflow definitions β ~1.7 MB each fully inlined) are budget-pruned to β€24 KB with their top levels intact.
The power tools
Besides the generated endpoint tools, the server ships four hand-built ones:
hubspot_get_capabilitiesπ’ β the capability report described above. Call it first in a session.hubspot_graphql_queryπ’ β HubSpot's CRM GraphQL API (POST /collector/graphql). Query-only by design (HubSpot exposes no mutations), so it stays available even in read-only mode. Requires thecollector.graphql_query.executescope and Marketing/Content Hub Pro+.hubspot_api_requestπ΄ β raw escape hatch for any path on the HubSpot host (new betas, undocumented corners). Same auth injection, throttling and retries. Hidden in read-only mode.Discovery mode (
HUBSPOT_TOOL_MODE=discovery) β replaces the 1,076 per-endpoint tools withhubspot_search_endpointsβhubspot_get_endpointβhubspot_invoke_endpointover the same registry. All filters (groups, beta, read-only) still apply; in read-only mode the invoke tool physically cannot reach a write because writes aren't in the registry.
Run from source (stdio, no Docker)
Prefer the classic stdio mode for Claude Desktop? Build it locally:
npm install
npm run buildThen point Claude Desktop at the compiled entrypoint in
claude_desktop_config.json:
{
"mcpServers": {
"hubspot": {
"command": "node",
"args": ["/ABSOLUTE/PATH/Hubspot-MCP/dist/index.js"],
"env": {
"MCP_TRANSPORT": "stdio",
"HUBSPOT_ACCESS_TOKEN": "pat-na1-β¦"
}
}
}
}Keeping the specs current
The bundled files under spec/ are the source of truth for the tools. They are
fetched from HubSpot's own public API index
(https://api.hubspot.com/public/api/spec/v1/specs), which lists every public
API with per-version OpenAPI documents and the hub/tier requirements this
server bakes into tool descriptions. spec/catalog.json records what was
fetched (API, version, stage, beta flag, requirements, docs links).
To refresh against HubSpot's latest:
npm run fetch-specs # rewrites spec/*.json + spec/catalog.json
npm run build && npm run list-toolsNew endpoints become new tools automatically β no code changes. The fetch script prefers each API's stable classic version (v1/v3/v4) and falls back to dated or beta versions when that's all HubSpot offers; a couple of APIs are pinned to bundle multiple genuinely-different versions (OAuth v1 + v3, Communication Preferences v3 + v4).
Development
npm install
npm run build # compile TypeScript β dist/
npm test # run the Vitest suite (81 tests)
npm run list-tools # print the categorized tool catalog (no credentials needed)
npm run fetch-specs # refresh spec/ from HubSpot's public API indexCI builds and tests every push across Node 20 and 22; pushes to main also
publish a Docker image to the GitHub Container Registry.
Notes & conventions
Transports:
MCP_TRANSPORT=stdio(default) for local launchers;MCP_TRANSPORT=httpfor the always-on Streamable-HTTP server the Docker image runs.Paging: CRM list tools use cursor paging β pass
limitand theaftercursor frompaging.next.after. Ask for the properties you need via thepropertiesparameter (arrays become repeated query params).Search: the
*_searchtools take a JSONbodywithfilterGroups,sorts,query,properties,limitandafter. HubSpot caps search at ~5 req/s per token β the built-in search throttle keeps you under it.Batch tools (
*_batch_read,*_batch_create, β¦) are the efficient way to touch many records β prefer them over loops of single calls.Associations: use the v4 association tools (
associations_*) to link records, with optional labels via the association-schema tools.File uploads: multipart tools accept file fields as
{"fileName": "report.pdf", "contentBase64": "β¦"}(orcontentfor plain text); other fields are sent as regular form fields, objects as JSON strings.Deletes are archives for CRM objects (recycle bin, ~90 days) β the truly permanent ones are the π΄
gdpr_deletepurge tools and record merges.Rate limits: HubSpot enforces burst caps per 10 s (private apps: 100β200/10 s depending on plan; OAuth apps ~110/10 s) plus daily caps. The server self-throttles at
HUBSPOT_MAX_REQUESTSper window and retries any429it still receives, honoringRetry-After. Check real usage anytime viahubspot_get_capabilities.Request bodies: write tools take a
bodyargument; its schema is resolved from the spec and shown to the model (e.g.contacts_createexpects{"properties": {β¦}}).Beta APIs (developer preview / public beta) are included by default and labelled β οΈ in descriptions; hide them with
HUBSPOT_INCLUDE_BETA=false.
Security
Your access token lives only in
.env, which is git-ignored. Never commit real secrets. The token grants whatever its scopes allow β if it leaks, rotate it in Settings β Integrations β Private Apps.The HTTP endpoint is unauthenticated by default (fine on localhost). To expose it beyond your machine, set
MCP_SHARED_TOKENand send it as anAuthorization: Bearer <token>header β ideally behind TLS.Destructive tools (delete / merge / GDPR purge) and send tools (marketing & transactional email, sequences) carry the right annotations so a well-behaved host prompts before acting β keep that confirmation on, or run with
HUBSPOT_READ_ONLY=true.Scope the blast radius at the source: grant the private app only the scopes you actually need β the capability report will tell you what's missing when you want more.
See SECURITY.md for the full policy and how to report a vulnerability.
Credits & license
An unofficial community integration for HubSpot; not affiliated with or endorsed by HubSpot. Built on the Model Context Protocol. Tools are generated from HubSpot's public OpenAPI definitions. Licensed under the MIT License.
This server cannot be installed
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ohneben/Hubspot-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server