I’m trying to make an REST API call to an app that uses OAuth2 for authentication. I need to be generate an OAuth Access Token to make an API call in Zapier. OAuth tokens expire so I would need to run it each time the zap is triggered.
Is there a way to do this in Zapier?
Yes there is a way. You can built a new zap to create an access token after every 15 or 30 minutes and store the value in Storage by Zapier. Now in your Zap, add an action to get the value of access token and use that in Webhooks by Zapier action.
To read more about Storage by Zapier, click here https://zapier.com/apps/storage/help
How would I build a Zap which created an access token after every time interval so that it could be stored?
I am looking at the API docs for Zoom and Mailchimp and from what I gather with Oauth, I would need to build a custom server to do this? I feel like that can’t be right, tho.
Any advice or example would be much appreciated.
Mailchimp API doesn’t require OAuth to authenticate: https://mailchimp.com/developer/marketing/docs/fundamentals/#connecting-to-the-api
Depends on the token expiration period as every API is different.
One approach is to use 1 Zap that serves to generate a new API access token from the API refresh token and put it in Storage.
Then the other Zaps can pulls the access token from Storage to use in API requests.
How would I go about making an API call to generate a new API access token from the API refresh token?
Would that be with a Webhook GET request?
Thanks for the link I will check out the mailchimp doc.
The steps to generate access token is always shared in API Doc. Depending upon the app, generally it is making 2-3 API calls. You can use Webhooks by Zapier to generate access token.
Maybe I am not thinking about this correctly, but I use the website to generate an API key (or client secrets with JWTs). I haven’t worked with Oauth. Per
@Tdasta‘s question, “Can I generate OAuth access tokens to make an API call in Zap?” I am presuming they mean getting refreshed tokens created to use with new Zaps making API calls. How does one generate the time sensitive Oauth token to invoke a refreshed token? AFAIK, the code block in Zapier doesn’t support external libraries… is the initial Oauth token not time sensitive?
Sorry for confusing the issue. I appreciate your help!
There are 2 types of authentication flows: client-side (e.g. you logging in to an app) and server-side (backend behind the scenes)
There are general concepts for how to implement these authentication methods, but again every app is different, so best to default to the app’s API documentation for how to handle authentication for the supported methods.
Wiki about OAuth: https://en.wikipedia.org/wiki/OAuth
@Troy Tessalone, I think it is starting to make sense now. The ability to generate an auth token will depend upon the API - many ways to skin the cat.
I was hopeful when I read this: “Depending upon the app, generally it is making 2-3 API calls. You can use Webhooks by Zapier to generate access token.”
I haven’t figured out how to use Webhooks to generate an access token.
Mostly I have been working with Zoom and Mailchimp. Using their dev pages, I have generated an API key from Mailchimp - which seems to not require a time sensitive encoding. Using Zoom’s “marketplace” I created a JWT app which does have time sensitive tokens.
As I understand Zapier’s Code block, it does not allow importing of external libraries. With Zoom’s API it appears to me that I would need to create a server which I could make a Webhook call to - i.e. a server set up with the App credentials (secret and key) along with the libraries to process the JWT encoding - so that I could make a Webhook request with Zapier to generate JWT token. Am I on the right track here?
Check if any of these related Zapier Community topics related to “JWT” can help: https://community.zapier.com/search?q=jwt
I found this article:
...and can see how if the API supports it, a `cURL` request could be made for one, but if the API doesn’t it reads like I’d need to engineer a server which could do the encoding to deliver the token when requested.
Thanks again, really appreciate your help (and patience!)