How to Setup Bearer Token in HubSpot Workflow Custom Code

When building custom integrations in HubSpot, you often need to securely call external services like AWS Lambda. To protect your endpoint, you should use a Bearer Token inside your workflow’s Custom Code action.

In this guide, I will show you step by step how to setup and use a Bearer Token in HubSpot Workflow Custom Code using Python.

Steps to Setup

Step 1: Add a Custom Code Action

1. Go to your HubSpot Workflow.
2. Add an action and choose Custom Code.
3. Select Python 3.9 as the runtime.

Note: HubSpot Custom Code currently supports only Python 3.9. If you need a higher Python version, you must contact HubSpot Support for further details.

Step 2: Add a Secret

1. Inside the Custom Code setup, go to Secrets.
2. Create a new secret.
   • Example secret name: HubSpotWorkflowToken
   • Secret value format: Bearer [YOUR_TOKEN]
3. This secret will be used as your Authorization header when calling your API or Lambda.

Step 3: Add Properties

• Add property: hs_object_id
• This is the HubSpot Record ID of the object that triggered the workflow.
• It will be passed into your Python code for context.

Step 4: Write Python Code

Here’s a simple example that sends the workflow record ID to an AWS Lambda endpoint with the Bearer Token.

import requests
import os

def main(event):
    # Get HubSpot record ID
    record_id = event["inputFields"]["hs_object_id"]
    
    # Get Bearer Token from HubSpot Secrets
    token = os.getenv("HubSpotWorkflowToken")

    # Define your external endpoint
    url = "https://your-lambda-url.aws.com/process"

    # Setup headers
    headers = {
        "Authorization": token,
        "Content-Type": "application/json"
    }

    # Setup payload
    payload = {
        "recordId": record_id
    }

    # Send request to Lambda
    response = requests.post(url, headers=headers, json=payload)

    return {
        "status": "ok",
        "lambda_status": response.status_code,
        "lambda_response": response.text
    }

Step 5: Save and Test

1. Save your Custom Code action.
2. Trigger the workflow manually or with enrollment conditions.
3. Check the execution log to confirm the request was sent successfully.

Conclusion

By storing your Bearer Token in HubSpot Secrets and using it inside a Custom Code action, you can securely call external services like AWS Lambda. This method ensures your token is safe and avoids hardcoding sensitive values in your script.

📚 Further Learning

If you want to explore more, here are some valuable reads:

• Sync HubSpot Company Records to S3 Using AWS Lambda and Step Functions – by Linuxbeast
• How to Avoid AWS Lambda Timeout When Processing HubSpot Records – by Linuxbeast
• How to Make Reliable HubSpot API Requests in Python (With Retry Logic) – by Linuxbeast
• How to Use HubSpot CRM v4 Associations: A Guide for Beginners – by Linuxbeast