How to Connect n8n to HubSpot, Pipedrive, Slack, and Gmail

HubSpot is the most common CRM integration in the ForgeWorkflows catalog. Blueprints like the RevOps Forecast Intelligence Agent, HubSpot Contact Scoring Auditor, and Weekly GTM Alignment Brief all read from and write to HubSpot.

HubSpot uses OAuth2, which means you authorize n8n to access your HubSpot account through a secure flow — no manual token copying required. Here is the process:

1. Create a HubSpot Private App. In HubSpot, go to Settings > Integrations > Private Apps. Click "Create a private app." Name it something like "n8n-forgeworkflows."
2. Set scopes. Under the "Scopes" tab, add the scopes your Blueprint requires. Common ones: crm.objects.contacts.read, crm.objects.deals.read, crm.objects.deals.write, crm.objects.companies.read. The Blueprint README lists the exact scopes needed.
3. Generate an access token. Click "Create app." HubSpot generates an access token. Copy it.
4. Configure in n8n. In your n8n workflow, click the HubSpot node. Select "Create New Credential." Choose "HubSpot API" and paste your access token.
5. Test the connection. Click the "Test" button in the credential dialog. n8n calls the HubSpot API and confirms the token is valid.

If the test fails with a scope error, go back to HubSpot, add the missing scope, and regenerate the token. Scope changes require a new token — the old one does not pick up new scopes automatically.

Browse all HubSpot Blueprints at /blueprints/integration/hubspot.

Pipedrive uses a simpler authentication model: a personal API token that you copy from your Pipedrive settings. Blueprints like the Contact Intelligence Agent, Deal Stall Diagnoser, and CRM Data Decay Detector all connect to Pipedrive this way.

1. Find your API token. In Pipedrive, click your profile picture > Company Settings > Personal Preferences > API. Your personal API token is displayed on this page.
2. Copy the token. Click the eye icon to reveal it, then copy.
3. Configure in n8n. Open the Pipedrive node in your workflow. Click "Create New Credential." Select "Pipedrive API" and paste the token.
4. Test. Click "Test" to verify the connection.

Pipedrive tokens do not expire, but they have important access implications:

• The token inherits the permissions of the user who generated it. If that user can only see their own deals, the workflow will only see those deals.
• For workflows that need org-wide access (e.g., the Deal Intelligence Agent), use an admin account or a dedicated integration user.
• Rate limits depend on your Pipedrive plan: Essential tier allows 80 requests per 2 seconds, Professional allows 160. Blueprints are designed to stay within these limits, but if you run multiple Blueprints against the same Pipedrive account, cumulative requests may approach the cap.

Browse all Pipedrive Blueprints at /blueprints/integration/pipedrive.

Slack is the most common notification destination in ForgeWorkflows Blueprints. The Feature Request Extractor reads from Slack channels, while Blueprints like the Deal Sentiment Monitor and Slack Standup Summarizer both read and write to Slack.

1. Create a Slack App. Go to api.slack.com/apps. Click "Create New App" > "From scratch." Name it and select your workspace.
2. Add bot scopes. Navigate to OAuth & Permissions. Under "Bot Token Scopes," add the scopes listed in your Blueprint README. Common scopes:
   • channels:history — read messages from public channels
   • channels:read — list channels
   • chat:write — send messages
   • users:read — look up user names
3. Install to workspace. Click "Install to Workspace" and authorize. Slack generates a Bot User OAuth Token starting with xoxb-.
4. Copy the token. Store it in your password manager.
5. Configure in n8n. In the Slack node, create a new Slack credential. If using the native Slack node, paste the Bot Token and OAuth Secret. If using HTTP Request nodes, set the Authorization header to Bearer xoxb-YOUR-TOKEN.

Critical detail: When entering the token as an HTTP header, the value must be exactly Bearer xoxb-YOUR-TOKEN — one space between "Bearer" and the token. Missing the Bearer prefix produces a not_authed error. Double spaces or trailing whitespace also cause failures.

After adding new scopes, you must reinstall the app to your workspace. The old token is invalidated when scopes change — Slack issues a new token on reinstall.

Blueprints that send or read email — such as the Email Intent Classifier and Meeting Follow-Up Agent — connect to Gmail via OAuth2. This requires a Google Cloud project with the Gmail API enabled.

1. Enable the Gmail API. In the Google Cloud Console, select your project (or create one). Navigate to APIs & Services > Library. Search for "Gmail API" and click "Enable."
2. Create OAuth2 credentials. Go to APIs & Services > Credentials. Click "Create Credentials" > "OAuth client ID." Choose "Web application" as the application type.
3. Set the redirect URI. Add your n8n instance callback URL: https://your-n8n-domain/rest/oauth2-credential/callback. If self-hosted, this must be the publicly accessible URL of your n8n instance.
4. Copy Client ID and Secret. Google displays both values. Store them securely.
5. Configure in n8n. Open the Gmail node, create a new credential, paste the Client ID and Secret, and click "Sign in with Google." Complete the OAuth flow in the browser popup.

Gmail OAuth tokens expire after a period of inactivity (typically a few days without use). If your Blueprint suddenly fails with a 401 on the Gmail node, reconnect the credential in n8n to refresh the token. For Blueprints that run frequently (daily or more), token expiration is rarely an issue since activity keeps the token alive.

If your Google Workspace organization restricts third-party app access, your admin may need to allowlist the OAuth client ID before the flow will succeed.

After configuring all credentials, run a systematic test before activating the workflow:

1. Test each credential independently. In n8n, every credential dialog has a "Test" button. Click it for each credential. This verifies the token is valid and the permissions are sufficient for a basic API call.
2. Run a manual workflow execution. Click the play button on the workflow canvas. Watch each node execute. Green means success; red means failure. Click on any red node to see the error details.
3. Check output data. After a successful run, click on the final output node to inspect the data. Verify that CRM fields, Slack messages, and email content match your expectations.
4. Verify write operations. If the workflow writes to your CRM (updates a deal, creates a note), check the CRM directly to confirm the data landed correctly.

If a node fails, the most common causes are:

• Wrong credential type. You selected "API Key" when the node expects "OAuth2," or vice versa.
• Missing scope. The API call requires a permission that your token does not have. The error message usually names the missing scope.
• Network issue. Your n8n instance cannot reach the external API. Check firewall rules and DNS resolution if self-hosted.
• Expired token. For OAuth2 credentials, reconnect through the n8n credential dialog to refresh.

Once all nodes pass, activate the workflow and monitor the first few automated executions to confirm everything works under production conditions. Every ForgeWorkflows Blueprint is ITP-tested with real API calls before listing, so if your credentials are configured correctly, the pipeline will behave as documented.