I’m working on integrating my application with Zapier using OAuth authentication. My app is deployed on Heroku and has the necessary OAuth endpoints configured.
From what I understand about OAuth, I should receive Zapier’s app_id and app_secret to store in my database. This would help me identify when Zapier is trying to access my API through the OAuth process.
However, Zapier is requesting my application’s app_id and app_secret instead of providing theirs. This seems backwards to me. How can I complete the OAuth authorization without having their credentials?
Am I misunderstanding how OAuth works in this context? What’s the proper way to verify that Zapier is the service requesting API access?
I’ve searched through OAuth tutorials and Zapier’s developer docs but haven’t found clear guidance on this specific issue.
You’re mixing up the OAuth flow direction. When building a Zapier app, you’re making an OAuth client that connects to YOUR service - not the reverse. Your app becomes the OAuth provider, just like Google or Facebook when other apps want user data access. In Zapier’s Developer Platform, you’ll set up your OAuth details: authorization URL, token URL, and client credentials. Users authenticate through Zapier’s interface, which sends them to your OAuth endpoint. Once they’re authenticated, Zapier gets access tokens to call your API for that user. You don’t need Zapier’s credentials because they’re not authenticating to you - they’re just helping users authenticate to your service. Look for the authentication section in your Zapier app dashboard and plug in your OAuth provider info there.
Ahh, I get it now! Zapier doesn’t hand out OAuth credentials since your app is the one users connect to, not the reverse. When they integrate your app, they’re letting Zapier access their accounts on your platform. So, just set up OAuth on your end and Zapier will use those settings to auth users.
The confusion stems from the unique OAuth implementation with Zapier. Unlike traditional OAuth setups, you won’t have access to Zapier’s credentials since they act as an intermediary in the authentication flow. When you create a Zapier integration, your application serves as the OAuth provider. You need to configure your OAuth settings directly in the Zapier Developer Platform. Essentially, Zapier directs users to your authorization endpoint based on your configuration. After the user authenticates, your application sends the tokens to Zapier, enabling it to make API calls on behalf of that user. Be sure to review the authentication configuration in your Zapier app for where to enter your OAuth endpoints and client information.
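To make the provider role described in the answers above concrete, here is an added example (not part of the original thread and not Zapier's code) of how your app can issue a client_id/client_secret pair for the integration and then verify the caller at the token endpoint. The in-memory stores, the function names and the `zapier.example` redirect URI are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical in-memory stores; a real app would keep these in its database.
CLIENTS = {}     # client_id -> {"secret_hash", "redirect_uri"}
AUTH_CODES = {}  # code -> {"client_id", "user_id", "redirect_uri", "expires"}


def _hash(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


def register_client(redirect_uri):
    """Your app issues the credentials you later enter in the integration's OAuth settings."""
    client_id = secrets.token_urlsafe(16)
    client_secret = secrets.token_urlsafe(32)
    # Store only a hash of the secret, plus the exact redirect URI allowed.
    CLIENTS[client_id] = {"secret_hash": _hash(client_secret), "redirect_uri": redirect_uri}
    return client_id, client_secret


def issue_code(client_id, user_id, redirect_uri, ttl=60):
    """Authorization endpoint, after the user has logged in and consented."""
    client = CLIENTS.get(client_id)
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("unknown client or redirect_uri mismatch")
    code = secrets.token_urlsafe(24)
    AUTH_CODES[code] = {"client_id": client_id, "user_id": user_id,
                        "redirect_uri": redirect_uri, "expires": time.time() + ttl}
    return code


def exchange_code(client_id, client_secret, code, redirect_uri):
    """Token endpoint: authenticate the client, then redeem the code exactly once."""
    client = CLIENTS.get(client_id)
    # Constant-time comparison of the stored and presented secret hashes.
    if client is None or not hmac.compare_digest(client["secret_hash"], _hash(client_secret)):
        return {"error": "invalid_client"}
    grant = AUTH_CODES.pop(code, None)  # pop() makes the code single-use
    if (grant is None or grant["client_id"] != client_id
            or grant["redirect_uri"] != redirect_uri or grant["expires"] < time.time()):
        return {"error": "invalid_grant"}
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "user_id": grant["user_id"]}
```

The client secret check at the token endpoint is what tells your API that the party redeeming the code is the registered integration; the access token it receives then identifies the user on later API calls.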