Question

Authorization into own rest api

  • 9 November 2022
  • 5 replies
  • 77 views

Hello everyone!

Preface: I am zapier early beginner, and it’s my first task with this platform :)

I am currently working on own zapier developer integration with our company product.

So, the problem is that I need to provide an access_token which has 15 minutes to live, I do not have any oauth client and web application(only mobile application). So how can i refresh my access_token, when my zap is running?

P.S In application we do not have login/password auth, only by mobile phone and 6 digit code.

Please tell me full algorithm, what should I do.

Thanks in advance!


5 replies

Userlevel 4
Badge +8

👋 @re1nhart 

The supported authentication schemes for the Zapier Visual Builder here: https://platform.zapier.com/docs/auth#zapier-supported-authentication-schemes - I would recommend you start out with the Visual Builder if you’re a beginner 😀

There’s a quick start guide here: https://platform.zapier.com/quickstart/project-structure that walks you through each step including setting up authentication.

If your API supports automated token refresh, you would be able to check the Automatically Refresh Token box when setting up Oauth 2, but I am not sure from your description which authentication scheme your API supports. 

I would highly recommend trying out the quick start guide to set up an integration with the example app used in the tutorial (Github), to understand the steps required - that will help greatly for trying to set up your own app down the line 🎉

Userlevel 2
Badge +1

@re1nhart Head to https://developer.zapier.com, click on start zapier integration and setup oauth 2.0. It should have option to refresh token

Userlevel 3
Badge +6

Hi @re1nhart and welcome to the Zapier platform!

Does your API provide a mechanism for token refresh? If not (in other words, if it always requires the six digit code to be manually input), then I don’t know of any way you could refresh the token in a Zap.

Let me know if your API does provide a way to refresh tokens.

Hope that helps, and let us know if you have any other questions!

Hi @re1nhart and welcome to the Zapier platform!

Does your API provide a mechanism for token refresh? If not (in other words, if it always requires the six digit code to be manually input), then I don’t know of any way you could refresh the token in a Zap.

Let me know if your API does provide a way to refresh tokens.

Hope that helps, and let us know if you have any other questions!

After entering six digit code there is a basic JWT authorization process that has access and refresh tokens. Our API provides routes for refreshing both tokens

Userlevel 1
Badge +1

Hey @re1nhart :)

Let’s step back from the mobile app for a moment, and consider the following hypothetical:

  • I am a user of your app, and I want to instruct the app to perform a task by sending an HTTP request to it’s API. In other words, I am not interacting with the mobile app at all.

In that scenario, what credentials need to be provided with that API request in order for it to be accepted and performed?

Assuming the answer to that is an `access_token`, the next question is how does a user get an `access_token`?

The answers to those questions will inform which Authentication Scheme should be selected for your Zapier integration. For example, if you select “OAuth v2” - you will then be able to define the Authorisation URL, Access Token Request, Refresh Token Request, and whether Zapier should automatically invoke that Refresh Token Request any time it receives an HTTP 401 response from your API.

I hope this helps to get you started, and if we can assist further please feel welcome to reach out :)

Reply