OAuth Scopes - Zapier

OAuth scopes define which Zapier resources your application can access. Request only the scopes required for the endpoints or flows your application uses. Endpoint-specific scope requirements are listed on each API reference page. When requesting more than one scope in an OAuth flow or token exchange, pass scopes as a space-separated string.

zap zap:write authentication

Workflow API scopes

Scope	Description
`profile`	Read profile information for the authenticated user.
`zap`	Read Zaps that use your integration.
`zap:write`	Create or modify Zaps.
`zap:all`	Read all Zaps owned by the authenticated user.
`zap:account:all`	Read all Zaps the authenticated user can access in their account, including shared Zaps.
`zap:runs`	Read Zap run history.
`action:run`	Run an action.
`authentication`	Read app authentications.
`authentication:write`	Create or update app authentications.
`connection:read`	Read connections.
`connection:write`	Create or update connections, or request a connect token for Connect UI and MCP authorization flows.

White Label and MCP scopes

Scope	Description
`external`	Access White Label APIs that use partner-signed external JWT token exchange.
`mcp:run`	Run tools through a Zapier-hosted MCP server after completing the MCP authorization flow.

Choosing Zap read scopes

Use the narrowest Zap read scope that supports your use case:

Use zap when you only need Zaps that use your integration.
Use zap:all when you need all Zaps owned by the authenticated user.
Use zap:account:all when you need Zaps the authenticated user can access across their account, including shared Zaps.

Zap Guesser Create Account

⌘I

​Workflow API scopes

​White Label and MCP scopes

​Choosing Zap read scopes

Workflow API scopes

White Label and MCP scopes

Choosing Zap read scopes