I’m in the process of developing my application on the Zapier platform and I’ve set up OAuth endpoints on Heroku. As per my comprehension of OAuth, it’s essential to save Zapier’s client_id and client_secret within my app’s database to ascertain the entity (Zapier, in this instance) that is requesting API access through OAuth. However, Zapier has asked for my app’s client_id and client_secret, yet they haven’t provided theirs. This leaves me puzzled about how to achieve a valid authorization. Is my grasp of OAuth incorrect? What steps should I take to verify who is accessing my API? I have searched for OAuth flow instructions and delved into Zapier’s resources, but there seems to be a significant shortage of insightful information on this matter.
From my work with Zapier, it’s crucial to recognize that Zapier acts as an intermediary rather than the origin of client credentials when integrating with your app. Their role is to facilitate connections without directly managing the client_id and client_secret for every integration. What you’re providing is essentially allowing Zapier to act on behalf of users, utilizing the OAuth mechanisms. If you ensure that your endpoints handle OAuth authorization correctly, Zapier should seamlessly request authorization tokens and manage authentication for users utilizing their provided credentials through your setup.
Nope, Zapier doesn’t hand out client_id or client_secret. Basically, you’re giving them yours so they can safely request access to your API on a user’s behalf. OAuth kinda splits responsibility like this. You got it right setting up on Heroku, just don’t expect creds from Zapier. Cheers!