Add authentication with API Key
API Key authentication passes along a user-entered API Key with every API call. In your Zapier integration using API Key authentication, the API key—and optionally any other data your API needs—is included every time a Zap step runs.
_Example API Key auth screen for users inside Zapier_
Use API Key authentication if your API primarily uses an API key to identify accounts, especially with apps for weather, maps, content verification, file conversion, and other data tools that require a key for access to the service but do not contain user-specific content.
Since API Key authentication allows you to create a custom input form, you can use it for any custom authentication type with username and password-based logins that don’t fit other authentication scheme types.
1. Build input form
- Open the Authentication tab in Zapier visual builder and select API key.
- Add authentication input fields where users will enter their API key and any other required authentication details. Check your API documentation for what fields are required, including user or account names, domains, and more. Note any details users may need on how to find that data in your app. API keys especially are often hidden under settings menus and you’ll need to include those details in your input form’s help text.
-
Click the Add Fields button and fill in the details for your field. Add the most commonly needed fields first, in the order users expect, as you cannot reorder fields once added.
-
Add the required Key, the name your API uses to reference this field.
- Fill in the optional fields, as appropriate, especially the Label:
– Label: A human-friendly name for this field that will be shown to users in the authentication form.
– Required? (checkbox): Check if this field is required for successful authentication.
– Type: All input fields use the string
text field by default; select password
instead if you would like to obscure the data as users enter it.
– Help Text: Include a direct URL formatted with Markdown where users can obtain their API key from your app. If there is no direct link, include as clear of directions as possible to help users find the API key.
– Input Format: (optional) Help users figure out exactly what piece of data you need them to enter. For example, for a subdomain, https://.yourdomain.com/.
– Default Value: Include a value for this field to be used as a fallback. For optional fields, the default value is set on initial connection creation and used in the API call instead of missing or null values every time the Zap runs. For required fields, this value is used during connection creation, but not when the Zap runs (Zapier raises an error for missing/null values instead).
-
Input fields marked as password and all authentication fields with sensitive, private data such as API keys from API Key auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this
:censored:6:82a3be9927:
. Due to this, it is not possible to view the exact tokens or keys in Zapier’s logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example:censored:6:82a3be9927:
would have the same value ending in 9927 when used in a subsequent call. -
Computed fields are not applicable to API Key authentication and are only used with OAuth v2 and Session Auth.
-
Each input field is listed with its label, key, type, and required status in your authentication settings. Click the field to edit it, or click the gear icon and select Delete to remove a field.
- Once you’ve added all the input fields to your authentication form, select Continue
2. Add a Test API Request
- Add an API call to your API that requires no configuration, typically a
/user
or/me
call. Add the URL for the API call, and set the call type, typically aGET
. This will test the user-entered API key and any other credentials to ensure it enables a successful API call to your app.
-
The API key and any additional input fields are automatically included in the URL Params and the HTTP Headers. Click Show Options to remove the details where they are not needed. It is typically not recommended to pass any sensitive information such as the API key in the URL Params. Passing it through the headers or even the body is preferable.
-
To customize the test API request, select Switch to Code Mode and write custom JavaScript code to handle your test API call and the response parsing as needed. The first time you click the toggle, Zapier will convert your API call to code. If you switch back to Form Mode though, Zapier will not convert your code changes to the Form mode, nor will any subsequent changes in the form be added to your code.
3. Configure a Connection Label
Review connection label documentation to optionally differentiate the app accounts users connect.
4. Test your authentication
Connect a valid user account to test authentication.
Need help? Tell us about your problem and we’ll connect you with the right resource or contact support.