
I’ve set up a zap -- “Create module entry in Zoho CRM when catch raw hook in Webhooks by Zapier” where I’m connecting “Webhooks by Zapier” to the Zoho CRM. Within minutes I was able to create a Zapier URL that accepts a POST request which will add a new module in Zoho. This is fantastic!

It’s also terrifying because anyone with the webhook URL can send requests to it, which could lead to unauthorized access or abuse. Surely there’s a basic auth or token system available to mitigate this threat, but I can’t seem to find it anywhere in the UI.

I’m brand new to Zapier -- what am I missing?

Hi @teeky301 

Good question.

Help articles about Zapier Webhooks: https://zapier.com/apps/webhook/help

 


If Zapier is claiming compliance then there must be an alternative to this “security through obscurity” approach. Maybe I can add my own ‘path’ trigger in the zap that handshakes with my own basic auth and includes a conditional to proceed to the next trigger?

Are there any offerings in the pro version to address this security hole?


@teeky301 

Best to open a ticket with Zapier Support for further clarification and guidance: https://zapier.com/app/get-help


For the edification of future readers:

It looks like an “integration” can be set up in the Zapier platform which includes a number of authentication methods. This integration can be used as the ‘trigger’ in a zap instead of a webhook.
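
The thread's idea of a self-made check that gates the rest of the zap can be sketched as a signed-request verification. This is an added example, not part of the original posts and not Zapier's own code. It assumes the sender shares a secret with the receiver and sends a timestamp and an HMAC signature with each POST; the secret, the signing scheme and the 300-second window are all assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo values (assumptions, not taken from the thread).
SECRET = b"constructed-demo-secret"
BODY = b'{"Last_Name": "Example"}'
MAX_SKEW_SECONDS = 300  # assumed replay window


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: HMAC-SHA256 over "<timestamp>.<raw body>"."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret, timestamp, body, signature, now=None) -> bool:
    """Receiver side: True only for a fresh, correctly signed request."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return False  # missing or malformed timestamp
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False  # too old or too far in the future: possible replay
    if not isinstance(signature, str):
        return False  # unsigned request
    expected = sign(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    ts = str(int(time.time()))
    sig = sign(SECRET, ts, BODY)
    print("signed request accepted:", verify(SECRET, ts, BODY, sig))
    print("unsigned request accepted:", verify(SECRET, ts, BODY, None))
    print("tampered body accepted:", verify(SECRET, ts, BODY + b"x", sig))
```

A request that fails the check should stop before the Zoho CRM step; the signature covers the raw body, so it has to be verified against the bytes as received, not a re-serialized copy.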