Zapier does not have out-of-the-box, built-in support for OAuth 2 authorization code flow with PKCE. 

Using the Zapier CLI one might be able to implement their own support.  I’m happy to share thoughts on how to approach that if anyone wants to try it, or if anyone reading this has implemented it, please share your experiences. I certainly don’t want to misspeak and propose something here that turned out to be less than secure, so I’d need a bit more time with the PKCE spec and to build out a proof-of-concept before presenting a definitive approach.

And we’ll keep an eye out for other APIs that require PKCE and don’t offer a client_secret option. So far I haven’t seen that come up from Zapier ecosystem developers, but we’d like to stay ahead of emerging trends in the API landscape. If others reading are running into similar situations, please chime in here and share what API you’re trying to authenticate with.