I’m working on a Zapier integration and having trouble with my auth system. The problem is that when users try to connect their account, my authentication function accepts any username and password combination, even when they’re completely wrong.
Here’s my current authentication setup:
```javascript
const https = require('https');
const axios = require('axios');

const validateCredentials = (zapier, requestBundle) => {
  return zapier.request({
    url: 'https://myapi.service.com/auth/validate',
    method: 'POST',
    body: JSON.stringify({
      'auth_request': {
        'credentials': {
          'api_token': 'XYZ123',
          'user_email': requestBundle.authData.user_email,
          'user_pass': requestBundle.authData.user_pass
        }
      }
    })
  }).then((apiResponse) => {
    if (apiResponse.status === 401) {
      throw new Error('Invalid login details');
    }
    return apiResponse.content;
  });
};

module.exports = {
  type: 'custom',
  fields: [
    {key: 'user_email', label: 'Email', required: true, type: 'string'},
    {key: 'user_pass', label: 'Password', required: true, type: 'password'}
  ],
  test: validateCredentials,
  connectionLabel: '{{bundle.authData.user_email}}'
};
```
The issue is that during account setup, users can enter random text as credentials and the system still allows the connection. How can I fix this validation problem?
your validation logic’s probably missing edge cases. same thing happened to me - my api returned 200 but hid error details in the json response. check for specific success fields in apiResponse.content instead of just trusting status codes.
It seems like your API endpoint is not validating credentials as it should. When I dealt with a similar issue in my Zapier integration, I found that the checks for valid credentials were insufficient. Besides just the 401 status, many APIs return a 200 status along with error messages in the response body. Ensure that you’re checking for specific success indicators in the response content. It’s crucial to verify that your API correctly processes the credentials instead of merely responding with a generic success message. Incorporating logging can also help you identify what your API is returning, as my experience showed that it consistently returned 200 even when the credentials were invalid, complicating the debugging process.
Your API endpoint is probably returning weird status codes or response formats. I’ve built a bunch of Zapier integrations and found that auth endpoints are inconsistent - many don’t return 401 for bad credentials like you’d expect. Some return 200 but hide the error in the response body, others use 403 or 422 instead. You need better response validation that checks both the status code and actually parses the response content for success indicators. Also, test your API directly with bad credentials in Postman first - see exactly what response you’re getting. That’ll show you what validation logic you actually need in your Zapier auth function.
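The check the replies describe, as an added example that is not part of the original thread: the auth test fails closed on any non-2xx status and on any body that lacks an explicit success indicator. The `auth_response.authenticated` field, the sample responses and the `stubZapier` helper are assumptions made for illustration; substitute whatever your API actually returns.

```javascript
// Added example. Assumption: the API reports success as
// {"auth_response": {"authenticated": true}}; replace with the real field.
const checkAuthResponse = (apiResponse) => {
  // Fail closed on every non-2xx status, not only 401 (403 and 422 are used too).
  if (apiResponse.status < 200 || apiResponse.status >= 300) {
    throw new Error(`Invalid login details (HTTP ${apiResponse.status})`);
  }
  let body;
  try {
    body = JSON.parse(apiResponse.content);
  } catch (err) {
    throw new Error('Auth endpoint did not return JSON');
  }
  // A 200 can still carry an error, so require an explicit positive indicator.
  const result = body && body.auth_response;
  if (!result || result.authenticated !== true) {
    throw new Error('Invalid login details');
  }
  return result;
};

const validateCredentials = (zapier, requestBundle) =>
  zapier.request({
    url: 'https://myapi.service.com/auth/validate',
    method: 'POST',
    body: JSON.stringify({
      auth_request: { credentials: {
        api_token: 'XYZ123',
        user_email: requestBundle.authData.user_email,
        user_pass: requestBundle.authData.user_pass
      } }
    })
  }).then(checkAuthResponse);

// Constructed responses standing in for the real endpoint, so this runs offline.
const SAMPLE_RESPONSES = {
  good: { status: 200, content: '{"auth_response":{"authenticated":true}}' },
  hidden: { status: 200, content: '{"auth_response":{"authenticated":false,"error":"bad password"}}' },
  forbidden: { status: 403, content: '{"error":"forbidden"}' },
  html: { status: 200, content: '<html>Welcome</html>' }
};
const stubZapier = (name) => ({ request: () => Promise.resolve(SAMPLE_RESPONSES[name]) });
const accepts = (name) => {
  try { checkAuthResponse(SAMPLE_RESPONSES[name]); return true; } catch (err) { return false; }
};

// Demo: a 200 that hides the failure in the body is now rejected.
validateCredentials(stubZapier('hidden'), { authData: { user_email: 'a@example.com', user_pass: 'x' } })
  .catch((err) => console.log('rejected:', err.message));
```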