
Connect to API with OAuth2 using PKCE flow

  • September 11, 2021

I am new to building Zapier integrations, but I am trying to connect to the Etsy API with OAuth2 and they require the PKCE flow with code verifier and challenge. Is this possible to implement in a Zapier integration? If so, how?

Best answer by Zane

Zapier does not have out-of-the-box, built-in support for OAuth 2 authorization code flow with PKCE. 

Using the Zapier CLI one might be able to implement their own support. I’m happy to share thoughts on how to approach that if anyone wants to try it, or if anyone reading this has implemented it, please share your experiences. I certainly don’t want to misspeak and propose something here that turned out to be less than secure, so I’d need a bit more time with the PKCE spec and to build out a proof-of-concept before presenting a definitive approach.

And we’ll keep an eye out for other APIs that require PKCE and don’t offer a client_secret option. So far I haven’t seen that come up from Zapier ecosystem developers, but we’d like to stay ahead of emerging trends in the API landscape. If others reading are running into similar situations, please chime in here and share what API you’re trying to authenticate with.

  • Zapier Staff
  • Answer
  • September 13, 2021
