Skip to main content
Best answer

Safely store a secret to be used in a Webhook POST


Hi,

I am using a Webhook POST step to trigger a Webhook in Glide app.

The Webhook in Glide is as follows:

In Zapier the Webhook looks like this:

The Bearer token is visible to anyone that has access to the zap. Is there anyway to store the key/token safely? i.e. not visible. Something like a secret?

I have seen that I could define a function to send the the HTTP POST reqiuest and in the context of the function use a secret. Is this the only way to do it?

Thank you!

Vittorio

 

Best answer by michaeltothBest answer by michaeltoth

Hi ​@VittoP,

You raise a great question about securely storing sensitive information like Bearer tokens. 

One approach is to use Zapier's built-in Storage features. This allows you to save sensitive data without displaying it directly in the Zap. Here's how you can do it:

1. Create a Stored Value: You can save your Bearer token in the "Stored Values" section of your Zapier account. This way, it will not be directly visible in your Zap steps.
2. Use the Stored Value: When setting up your Webhook POST request, you can reference the Stored Value instead of inputting the token directly.

This method keeps your token out of sight and reduces the risk of it being exposed.

The most-secure option would be to develop a private Zapier integration, which handles API token storage for you. This feels more intimidating than it actually is, but there’s also definitely a learning curve here. It may be overkill, but if security is the primary concern, this is likely the way to go.

Let me know if you need further assistance or clarification!

View original
Did this topic help you find an answer to your question?

2 replies

michaeltoth
Forum|alt.badge.img+1
  • New
  • 20 replies
  • Answer
  • February 20, 2025

Hi ​@VittoP,

You raise a great question about securely storing sensitive information like Bearer tokens. 

One approach is to use Zapier's built-in Storage features. This allows you to save sensitive data without displaying it directly in the Zap. Here's how you can do it:

1. Create a Stored Value: You can save your Bearer token in the "Stored Values" section of your Zapier account. This way, it will not be directly visible in your Zap steps.
2. Use the Stored Value: When setting up your Webhook POST request, you can reference the Stored Value instead of inputting the token directly.

This method keeps your token out of sight and reduces the risk of it being exposed.

The most-secure option would be to develop a private Zapier integration, which handles API token storage for you. This feels more intimidating than it actually is, but there’s also definitely a learning curve here. It may be overkill, but if security is the primary concern, this is likely the way to go.

Let me know if you need further assistance or clarification!


  • Author
  • Beginner
  • 1 reply
  • February 20, 2025

Thank you ​@michaeltoth!

I had a look at the private Zapier integration and tried to setup one, but as you said, there is a learning curve there!

I will try them both again and see which one would be the best for our use case.