Question

Connect to API with OAuth2 using PKCE flow

  • 11 September 2021
  • 1 reply
  • 12 views

I am new to building Zapier integrations, but I am trying to connect to the Etsy API with OAuth2 and they require the PKCE flow with code verifier and challenge. Is this possible to implement in Zapier integration. If so, how?


1 reply

Userlevel 7
Badge +9

Zapier does not have out-of-the-box, built-in support for OAuth 2 authorization code flow with PKCE. 

Using the Zapier CLI one might be able to implement their own support.  I’m happy to share thoughts on how to approach that if anyone wants to try it, or if anyone reading this has implemented it, please share your experiences. I certainly don’t want to misspeak and propose something here that turned out to be less than secure, so I’d need a bit more time with the PKCE spec and to build out a proof-of-concept before presenting a definitive approach.

And we’ll keep an eye out for other APIs that require PKCE and don’t offer a client_secret option. So far I haven’t seen that come up from Zapier ecosystem developers, but we’d like to stay ahead of emerging trends in the API landscape. If others reading are running into similar situations, please chime in here and share what API you’re trying to authenticate with.

Reply