Authentication
Introduction
There are two methods that can be used to authenticate with @zapier/ai-actions:
- API Key: If you plan on only using the AI Actions client to interact with AI Actions on your behalf
- OAuth: If you plan on creating an OAuth app to allow users to interact with AI Actions on their behalf
API Key
Your API key can be retrieved from the Credentials page.
Treat your API key like a password.
It can be used to run your AI Actions.
For example: if you set up a “Gmail: Find email” action, anyone with your API key can read all your email.
Create an AiActions client with the API key:
OAuth
Creating an OAuth app
Click here to create a new OAuth app to use for authenticating with AI Actions.
In order to work with the API client, your app must have “Public Client” checked.
Getting an OAuth token
Creating the AiActionsAuth object
@zapier/ai-actions provides a helper class to handle the auth process.
This is done with the AiActionsAuth class:
Storing the code verifier securely
@zapier/ai-actions uses the OAuth 2.0 PKCE flow to facilitate the OAuth process. As part of this, a “code verifier” is generated.
By default, AiActionsAuth will store the verifier in the browser’s localStorage.
This is not recommended for production use: localStorage can be easily read by malicious scripts running on the page, and it is not available server-side.
To facilitate storing the code verifier securely, the constructor for AiActionsAuth has options that can be used.
Generating the authorization OR quick account creation URL
Once you have an AiActionsAuth object, you can use it to generate the authorization URL:
This URL can be used to redirect the user to the authorization page. Once the user has authorized your app, they will be redirected to the redirectUri you provided.
You can also generate a quick account creation URL. This will ensure that the user has a Zapier account before authorizing your app.
If they do not have a Zapier account, one will be created for them. If they already have a Zapier account, they will be asked to log in on zapier.com.
After going through this flow, they will end up back on the redirectUri that you provided.
Getting an access token
After authorizing your app, the user will be redirected to the redirectUri you provided along with a code query parameter.
This code can now be used to get an access token.
Refreshing the access token
Access tokens expire after a certain amount of time. To refresh the token, you can use the refreshToken method along with the refresh_token: