Skip to main content
Question

API keys in Code by Zapier

  • 8 May 2024
  • 3 replies
  • 128 views

I’m using Code by Zapier to connect with an API that isn’t explicitly integrated with Zapier.  I make a JavaScript call to the API, but the problem is that doing it this way leaves the API key stored in plain text in the zap.  Is this not the intended use of Code by Zapier?  Is there a workaround or some other step that I’ve missed in order to secure the authentication for the other API?

 

Thanks!

3 replies

Troy Tessalone
Userlevel 7
Badge +14

Hi @TalosTheDigiton 

The Webhooks app can also be used to make API requests and handle authentication: https://zapier.com/apps/webhook/help

 

Security and Compliance at Zapier: https://help.zapier.com/hc/en-us/articles/8496181993613-Security-and-Compliance

⚡ Troy Tessalone - AutomationAce.com | Premier Certified Zapier Expert | #1 Zapier Community Contributor
T

Thanks @Troy Tessalone.  The Webhooks app seems particularly useful for some use cases.  I do see where I can add the API key to the headers, but again, it isn’t evident to me that this information will be encrypted like passwords.  I assume that the headers of the Webhooks zap will be stored somewhere in Zapier’s system in plain text.  The security and compliance article you linked also implies that it might be visible through the “comprehensive” logs as well.  I’m happy to have my understanding corrected, but I’m concerned about leaving an API key or similar information in plain text like this.

Troy Tessalone
Userlevel 7
Badge +14

@TalosTheDigiton 

You can try opening a ticket with Zapier Support to get a more official response.


In the Zap Runs > Logs, sensitive data will show was “censored”.

 

⚡ Troy Tessalone - AutomationAce.com | Premier Certified Zapier Expert | #1 Zapier Community Contributor

Reply


Terms & Conditions