Authentication

Your API probably requires some form of authentication before we can talk to it on behalf of a user. Zapier supports the following authentication schemes: Basic Auth, Digest Auth, API Keys, Session-based Auth, and OAuth V2.

Basic Auth

Classic Basic Auth, as documented on MDN.

Users provide Zapier their username and password to authenticate with your API.

This is also the scheme to use if your API relies on Basic Auth but with atypical values for the username and password. For instance, an API that uses an API Key as the username and a dummy value as the password should still select Basic Auth for its App. We'll use this as the example.

  1. Customize the Authentication Fields:

  2. Map the fields to a username and password property:

  3. The user will be asked to provide values:

  4. We will prepare all requests to the API with a header like:

    Authorization: Basic WkFQSUVSIExPVkVTIFlPVTpYT1hP
    

See also Authentication Mappings and Basic Auth via CLI.

Digest Auth

Digest Auth, as documented by RFC 7616.

Users will provide Zapier their username and password, and we will handle all the nonce and quality of protection details automatically.

The setup and user experience is identical to Basic Auth.

See also: Digest Auth via CLI

API Keys

Typically, you'll provide your users with an API Key inside your app somewhere. Many times these are provided on the user's settings or accounts page. These keys can be given to Zapier by the user so that we may make authenticated requests to access that user's information on their behalf.

  1. Select either API Key (Headers) or API Key (Query String), depending on how the API expects to receive the keys.

  2. Customize the Authentication Fields:

  3. Map the fields to the headers or query string parameters the API expects:

  4. The user will be asked to provide values:

  5. We will prepare all requests to the API with a header like:

    X-Secret: WkFQSUVSIExPVkVTIFlPVTpYT1hP
    

See also Authentication Mappings and API Key auth via CLI.

Session-based Auth

This type can be used for almost any authentication where user-provided credentials get exchanged for some kind of session token.

  1. Customize the Authentication Fields:

  2. Write a get_session_info() method that handles the exchange of the authentication fields for the session token and returns an object like:

    {
      user_token: "WkFQSUVSIExPVkVTIFlPVTpYT1hP"
    }
    
  3. Map the fields and/or the properties returned by get_session_info() to parameters the API expects, and select whether it expects them as headers or query string parameters:

  4. The user will be asked to provide values:

  5. We will call get_session_info() the first time, and again whenever we receive a 401 HTTP status or an InvalidSessionException is thrown.

  6. We will prepare all requests to the API with a header like:

    X-Token: WkFQSUVSIExPVkVTIFlPVTpYT1hP
    

See also get_session_info(), Authentication Mapping and Session auth via CLI.
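
The session flow in steps 2 to 6 above, modelled end to end as an added example (not Zapier's own code). `makeFakeApi`, `makeSessionClient`, the `api` argument passed to `get_session_info()` and the credentials are hypothetical stand-ins, and only the 401 trigger is modelled, not InvalidSessionException.

```javascript
// Constructed stand-in for the partner API: issues session tokens and
// answers 401 for unknown or expired ones. All names here are hypothetical.
function makeFakeApi() {
  let issued = 0;
  const valid = new Set();
  return {
    login(username, password) {
      if (password !== 'constructed-password') throw new Error('bad credentials');
      const token = `session-${++issued}`;
      valid.add(token);
      return token;
    },
    expireAll() { valid.clear(); },
    request(headers) { return { status: valid.has(headers['X-Token']) ? 200 : 401 }; },
    loginCount() { return issued; },
  };
}

// Step 2: exchange the authentication fields for a session token.
function get_session_info(api, authFields) {
  return { user_token: api.login(authFields.username, authFields.password) };
}

// Steps 3, 5 and 6: map user_token to the X-Token header, reuse the cached
// session, and refresh exactly once when the API answers 401.
function makeSessionClient(api, authFields) {
  let session = null;
  const send = () => api.request({ 'X-Token': session.user_token });
  return function call() {
    if (!session) session = get_session_info(api, authFields);
    let res = send();
    if (res.status === 401) {
      session = get_session_info(api, authFields);
      res = send(); // a second 401 goes back to the caller; no retry loop
    }
    return res;
  };
}

// Constructed run: two calls share one login; an expired session costs one more.
function demo() {
  const api = makeFakeApi();
  const call = makeSessionClient(api, { username: 'alice', password: 'constructed-password' });
  const statuses = [call().status, call().status];
  const loginsBeforeExpiry = api.loginCount();
  api.expireAll();
  statuses.push(call().status);
  return { statuses, loginsBeforeExpiry, loginsAfterExpiry: api.loginCount() };
}
console.log(demo());
```

Capping the refresh at one attempt per request keeps a revoked or mistyped credential from turning into repeated login attempts against the API.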

OAuth

See:
