Need Help with Verifying API Key and Passing Webhook Data in Custom Zapier App

  • 23 February 2024
  • 1 reply

Hello Zapier Community!

I'm currently working on a custom Zapier app that involves an Instant Trigger webhook. My main goal is to verify an API key received in the webhook's headers.Authorization against a user-provided API key during the Zap setup. If the keys match, I then want to pass the incoming webhook data to subsequent steps in the Zap.

Here's a brief overview of what I've tried:

  1. I set up an input field for the API key in the app's configuration.
  2. In the perform function of my trigger, I attempted to verify the API key from the Authorization header against the user-provided API key.
  3. If the verification is successful, I want to return the body of the webhook to be used in the next steps of the Zap.

However, I'm encountering issues with verifying the API key and properly returning the webhook data. Here's the basic structure of my perform function:

const perform = (z, bundle) => {
const expectedApiKey = bundle.inputData.api_key;
const receivedApiKey = bundle.request.headers['Authorization'].replace('Bearer ', '');

if (expectedApiKey !== receivedApiKey) {
throw new Error('Invalid API Key.');

// Assuming the webhook data is in bundle.cleanedRequest
const webhookData = bundle.cleanedRequest;
return webhookData;


I'm not sure if I'm accessing the headers correctly or if there's a better way to compare the API keys. Also, I'm uncertain about the best way to pass the verified webhook data to the next steps.

Could anyone offer guidance on how to properly verify the API key and ensure the webhook data is passed along correctly in a custom Zapier app? Any advice, code snippets, or resources would be greatly appreciated.

Thank you in advance for your help!

1 reply

Here is the solution:


const expectedApiKey = bundle.inputData.api_key;
const receivedApiKey = bundle.rawRequest.headers['Http-Authorization'];
if (expectedApiKey !== receivedApiKey) {
throw new Error('Invalid API Key.');
return [bundle.cleanedRequest];