I’m struggling with a persistent 401 error when trying to access the HubSpot Knowledge Base API via n8n.
The Situation:
Authentication: Private App (Access Token).
Working: I can successfully query CRM objects (Tickets, Contacts, etc.) using this Private App in n8n.
Failing: Any request to https://api.hubapi.com/cms/v3/knowledge-base/articles returns a 401 error.
Details:
I have verified that my Private App has all required scopes enabled: content, cms.knowledge_base.articles.read, and cms.knowledge_base.settings.read.
I’ve rotated the token and updated the credentials in n8n.
The error returned is: {"errorType":"MISSING_AUTH","message":"Not engaged, auth is missing"}.
It seems n8n is having trouble passing the authentication specifically for the CMS/Knowledge Base endpoints, even though it works for the CRM part of the same Private App.
Has anyone managed to get the HubSpot Knowledge Base API working with a Private App in n8n? Am I missing a specific header or setting for the CMS side?
This is likely a scope issue with HubSpot’s CMS API. The Knowledge Base API requires a different authentication scope than the CRM API. Try using the HTTP Request node with the authorization header set to Bearer YOUR_ACCESS_TOKEN in the headers section manually.
Also, ensure your Private App has these specific scopes enabled in HubSpot, which you said you have them already, but enable writecms.knowledge_base.articles.read and cms.knowledge_base.articles.write. The CMS endpoints might need the authorization header passed differently than the CRM ones.
Thanks for the suggestion! I’ve already tried manual header authentication, but I’m still hitting a wall. Here is more context on what has been tested so far:
Scopes: I have already enabled cms.knowledge_base.articles.read and write (along with settings.read/write and crm.objects.tickets.read/write) in my Private App.
Manual Headers: I’ve tested the HTTP Request node with Authentication set to ‘None’ and a manual header: Authorization: Bearer pat-na1-xxxx....
The Error: I consistently get a 401 Unauthorized with the message {"status":"error","message":"Not engaged, auth is missing","errorType":"MISSING_AUTH"}.
The Mystery: The exact same Token/Header works perfectly for CRM endpoints (Tickets/Associations) but fails on any /cms/v3/knowledge-base/ URL.
Network Check: I’ve verified that n8n is sending requests correctly (a test to google.com works instantly), but the HubSpot Private App logs show zero incoming requests for the KB endpoint, meaning HubSpot’s gateway is rejecting it before it even hits the logs.
Endpoint Test: I’ve tried both the /search endpoint and the basic /articles listing, both returning the same MISSING_AUTH error.
It feels like the CMS gateway expects a specific header format or a different authentication handshake than the CRM gateway, even for Private Apps. Any idea if there’s a hidden setting or a specific Content-Type that the CMS API is picky about?"
Do not use the HubSpot node in n8n for Knowledge Base / CMS endpoints. It works for CRM APIs, but it does not properly engage authentication for the CMS layer.
That’s it. No OAuth helper, no HubSpot credentials in n8n.
Make sure your Private App has these scopes enabled:
cms.knowledge_base.articles.read
cms.knowledge_base.settings.read
This works because HubSpot’s CMS / Knowledge Base APIs validate authentication separately from CRM APIs and require an explicit Bearer token. The 401 MISSING_AUTH error is a HubSpot quirk, not an n8n issue.
Your setup is almost correct, the problem is not the header format itself but the type of token you are sending.
The value you are using (pat-...) is a personal access token. That token type works for some HubSpot APIs, but the Knowledge Base CMS endpoints only accept Private App access tokens.
For this endpoint the Authorization header must contain the access token generated by a HubSpot Private App, which usually looks like a long token starting with something like hp..., not pat-.
So keep your HTTP Request node exactly as it is, but replace
Authorization: Bearer pat-xxxx
with the access token from a HubSpot Private App:
Authorization: Bearer <private_app_access_token>
You can remove the Content-Type header for a simple GET, it is not required.
In short: same request, different token type. Use a Private App access token, not a personal access token, and the 401 “Not engaged, auth is missing” will go away.
Thanks again for your response. Hubspot regrouped the private app under what’s newly called the legacy app. We can now create a public, or a private app.
From what I’ve researched, the root cause is probably on the HubSpot CMS or Knowledge Base API itself. Despite the documentation listing the correct scopes, the endpoint /cms/v3/knowledge-base/articles doesn’t reliably accept Private (Legacy) App tokens.
When this happens, HubSpot responds with 401 MISSING_AUTH – Not engaged, auth is missing.
This is expected behavior for that API and isn’t related to token rotation, scope configuration, or the HTTP Request or AI Agent nodes.
To avoid this error, switch to OAuth authentication via a Public App for Knowledge Base endpoints. This is a HubSpot platform limitation, not a configuration issue.
