I’m working with an API that requires two different authentication keys. One needs to be sent as a header parameter and the other as a URL parameter. When I go to the authentication settings in my Zapier app, I can only choose one method for both keys at the same time.
The problem is that I can either set both keys as headers or both as query parameters, but not mix them. Right now the URL parameter works correctly but my server throws an error because it can’t find the required header.
Is there a way to set up mixed authentication in Zapier where I can specify that one key goes in the header and another goes in the query string? Any help would be appreciated.
yeah, zapier’s limitation here is pretty annoying. i worked around it using custom auth - just override the request in your code. set bundle.authData for one key, then manually add the other to bundle.request.params or bundle.request.headers (whatever you need). takes a bit to get right, but works great once its setup.
You’ll need Custom Authentication instead of the standard options. Select Custom in your auth config and handle both keys programmatically. I ran into this exact thing with a third-party payment API that wanted an API key in headers and merchant ID in query parameters. Use beforeRequest middleware to intercept requests and add your auth dynamically. Set up your primary key through normal auth flow, then in beforeRequest, manually inject the second key using request.headers or request.params depending on where each goes. More setup upfront but you get complete control over auth handling across different endpoints.
Had the same problem last year with a custom Zapier integration. Zapier’s auth section only handles one method at a time, but there’s a workaround. Set up your main auth method normally, then handle the second key manually in your trigger/action perform functions. I used bundle.inputData to grab the second key and modified the request options directly. You can put one key in headers and the other in URL params - just takes a bit more manual coding but it works great for mixed auth setups.