Skip to main content
OAuth scopes define which Zapier resources your application can access. Request only the scopes required for the endpoints or flows your application uses. Endpoint-specific scope requirements are listed on each API reference page. When requesting more than one scope in an OAuth flow or token exchange, pass scopes as a space-separated string.
zap zap:write authentication

Zapier API scopes

ScopeDescription
profileRead profile information for the authenticated user.
zapRead Zap workflows that use your integration.
zap:writeCreate or modify Zap workflows.
zap:deleteDelete Zap workflows.
zap:allRead all Zap workflows owned by the authenticated user.
zap:account:allRead all Zap workflows the authenticated user can access in their account, including shared workflows.
zap:runsRead Zap run history.
action:runRun an action.
authenticationRead app authentications.
authentication:writeCreate or update app authentications.
connection:readRead connections.
connection:writeCreate or update connections, or request a connect token for Connect UI and MCP authorization flows.

Additional scopes

ScopeDescription
externalAccess endpoints that use partner-signed external JWT token exchange.
mcp:runRun tools through a Zapier-hosted MCP server after completing the MCP authorization flow.

Choosing Zap read scopes

Use the narrowest Zap read scope that supports your use case:
  • Use zap when you only need Zap workflows that use your integration.
  • Use zap:all when you need all Zap workflows owned by the authenticated user.
  • Use zap:account:all when you need Zap workflows the authenticated user can access across their account, including shared workflows.