I’m working with an API that requires two different authentication keys. One key needs to be sent as a header parameter and the other as a URL query parameter.
The problem I’m facing is in Zapier’s authentication setup. When I go to the authentication settings for my app, I can only choose one method for all fields at once. The options are either API Key in querystring or API Key in headers, but not a mix of both.
There’s also an “Access Token Placement” option at the bottom with choices for header, querystring, or both. However, the “both” option doesn’t seem to work as expected.
Right now my querystring authentication is working correctly, but I’m getting server errors because the header key is missing. Is there a way in Zapier to set up mixed authentication where I can specify that one key goes in the header and another goes in the query parameters?
I ran into this exact issue about six months ago when integrating with a payment processor that had similar dual-key requirements. The built-in authentication options in Zapier are quite limited for this scenario. What worked for me was switching to custom authentication and handling both keys manually in the API calls. You’ll need to define both keys as separate input fields in your authentication configuration, then reference them directly in your API requests using the bundle.authData object. For the header key, add it to the headers section of your request, and for the query parameter, include it in the params or construct the URL manually. It’s more work upfront but gives you complete control over where each key gets placed. The downside is you lose some of the automatic authentication handling, but it’s the most reliable way I found to make mixed authentication work properly.
The Access Token Placement option you mentioned is actually the key here, though it requires some additional setup to function correctly. When you select “both” for placement, Zapier expects you to configure the token names differently in your authentication schema. You need to set up your authentication with two separate token fields - one designated for headers and one for querystring - rather than trying to use a single token field for both locations. In your authentication configuration, define both keys as individual fields, then in your API call setup, reference each field appropriately. The header key should be referenced in the headers object while the querystring key goes in the params. This approach has worked reliably for APIs requiring dual authentication without needing to abandon the built-in authentication system entirely.
honestly zapier’s auth system can be pretty frustating for this kinda setup. have you tried using the custom auth method instead? it lets you manually handle both keys without fighting the built-in options. just define them as seperate fields then reference each one where needed in your api calls.