Authentication
Introduction
There are two methods that can be used to authenticate with @zapier/ai-actions
:
- API Key: If you plan on only using the AI Actions client to interact with AI Actions on your behalf
- OAuth: If you plan on creating an OAuth app to allow users to interact with AI Actions on their behalf
If you plan on using the interactive playground available in this documentation, then an API key must be user.
API Key
Follow the steps below to create your API key:
- Log in or sign up to Zapier.
- Connect your Zapier account to the
custom
integration app. - Your API key can be retrieved from the Credentials page.
Treat your API key like a password.
It can be used to run your AI Actions.
For example: if you set up a “Gmail: Find email” action, anyone with your API key can read all your email.
OAuth
Creating an OAuth app
Click here to create an OAuth app
Click here to create a new OAuth app to use for authenticating with AI Actions.
In order to work with the @zapier/ai-actions
API client, your app must
have “Public Client” checked.
Authenticating with OAuth
If you’re using JavaScript/TypeScript, you can use the @zapier/ai-actions
library to handle authentication for you!
Getting a token
Your OAuth client can be used with the PKCE flow to authenticate with AI Actions using a Bearer
token.
To begin this process, you first need to generate a code verifier and a code challenge.
Here is some sample code in TypeScript to do this:
Make sure to store the verifier securely! It will be needed when returning to your site after authenticating with AI Actions
You can then send the user to AI Actions to see your OAuth consent screen:
After the user has authorized your app, they will be redirected to the redirect_uri
you provided with a code
query parameter.
You can then exchange this code for a token, using the verifier
that you generated previously:
This will return the following JSON:
The access_token
can then be used to make API calls to AI Actions:
Quick account creation
Since your users may not already have a Zapier account, we offer a quick account creation flow that allows users to create a Zapier account and connect their account to your app in one step.
To use this flow, first generate the /oauth/authorize
URL as outlined above.
Then, get the account creation URL for your OAuth client:
This will return the following JSON:
When you send a user to the provided login_link
, they will go through a quick Zapier account creation flow. If the provided email address is already associated with a Zapier account, they will be asked to log in.
Users will receive a follow-up email from Zapier to confirm their email address and to let them set a password for the account.
The user will then see the AI Actions OAuth consent screen and be redirected back to your redirect_uri
with a code
query parameter, which can be exchanged for an access token as outlined above.
Refreshing tokens
After expires_in
seconds, the access_token
will expire. To get a new token, you can use the refresh_token
that was returned when you got the original token:
This will return a new OAuth token that can be used in an Authorization: Bearer ...
header.