Session authentication has elements of Basic authentication — where Zapier requests a username and password, and OAuth v2 — where Zapier redirects users to the app’s site to allow access. User credentials are exchanged for a token used to authenticate subsequent API calls.
string
text field by default; select password
instead if you would like to obscure the data as users enter it.
– Help Text: Include details to assist users in authenticating with your app, especially if they may be unsure where to find the data needed within your app. Format text with Markdown, and include a hyperlink if needed.
– Input Format: (optional) Help users figure out exactly what piece of data you need them to enter. For example, for a subdomain, https://.yourdomain.com/.
– Default Value: Include a value for this field to be used as a fallback. For optional fields, the default value is set on initial connection creation and used in the API call instead of missing or null values every time the Zap runs. For required fields, this value is used during connection creation, but not when the Zap runs (Zapier raises an error for missing/null values instead).
:censored:6:82a3be9927:
. Due to this, it is not possible to view the exact tokens or keys in Zapier’s logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example :censored:6:82a3be9927:
would have the same value ending in 9927 when used in a subsequent call.
{{bundle.authData.field}}
, where field
is the key in the response.
/user
or /me
call. Add the URL for the API call, and set the call type, typically a GET
. This will test the user-entered credentials to ensure it enables a successful API call to your app.
bundle.authData
, and typically be referenced as {{bundle.authData.access_token}}
, {{bundle.authData.sessionToken}}
, or a similar field, depending on how your token exchange response includes the token.