AgentAPI

Zapier API - The Complete Developer Guide to Building Integrations, Embedding Workflows, and Connecting AI Agents

People search “Zapier API” expecting one simple REST API. In practice, “Zapier API” can mean three related but different developer surfaces:

  • Zapier Developer Platform: build a Zapier integration (“Zapier app”) with triggers, actions, and searches.
  • Powered by Zapier Workflow API: embed Zapier’s workflow building and automation experience inside your product.
  • Zapier MCP (Model Context Protocol): connect AI assistants/agents to thousands of Zapier actions using a standardized tool protocol.

This page explains all of them, how authentication works, what endpoints exist, and how to design production ready experiences that are safe, reliable, and predictable for your users.

All new integrations: Zapier Platform v3
Build methods: Platform UI or Platform CLI
Auth: OAuth v2 preferred (API key/session/basic supported)
Embed: Workflow API + Managed Auth + Zap creation endpoints
AI: Zapier MCP (beta, in plan)
Start with the “what is it?” Jump to Platform build guide

Table of contents

Skimmable on mobile, detailed enough to ship a real integration.

1) What “Zapier API” means in 2026 2) Zapier Developer Platform (UI + CLI) 3) Triggers, Actions, Searches: the building blocks 4) Authentication (OAuth, API key, basic, session) 5) Platform development workflow (test → version → publish) 6) Powered by Zapier Workflow API (embed Zapier) 7) Workflow API endpoints (Apps, Zaps, Authentications) 8) Zapier MCP for AI assistants and agents 9) Webhooks, API Request steps, and “bring your own API” 10) Best practices: reliability, security, and scale 11) FAQ 12) Official references

1) What does “Zapier API” mean?

Three major developer surfaces + a few supporting tools

Zapier Developer Platform (Build a Zapier integration)

The Developer Platform is how you create a Zapier “app” (integration) so that users can include your product in a Zap. Zapier’s docs note that all new integrations are built using Zapier Platform v3, and you can build them using either the Platform UI (visual builder) or the Platform CLI (local JavaScript development). (See docs: “How Zapier works”.)

Powered by Zapier Workflow API (Embed Zapier inside your product)

“Powered by Zapier” is Zapier’s embed solution. The Workflow API is described as a way to build “native feeling” workflow experiences for your end users and access Zapier’s integration directory within your product’s UI. This is the path if you want users to create and manage workflows without leaving your product.

Zapier MCP (Model Context Protocol)

Zapier MCP is a standardized way to connect AI assistants to Zapier’s actions. Zapier describes MCP as a way to connect AI assistants to thousands of apps, enabling the AI to take actions like creating tasks, updating records, and sending messages through natural language commands. Zapier MCP is currently in beta and is part of your existing Zapier plan.

Supporting “API-like” ways users automate

In addition to the official developer surfaces, Zapier users often interact with APIs using:

  • Webhooks by Zapier (send/receive HTTP requests in Zaps).
  • Custom API Request actions (build API calls inside Zap steps).
  • Instant triggers via REST Hooks (Zapier subscribes to your server and your app pushes events to Zapier).

These aren’t “Zapier’s API” as a developer product, but they’re essential to understand because your integration might rely on webhooks or need to support instant triggers.

If you only remember one thing: Zapier Developer Platform is how you make your app show up in Zapier. Workflow API is how you bring Zapier into your app. MCP is how AI assistants talk to Zapier as tools.

2) Zapier Developer Platform (UI vs CLI)

Same platform under the hood; choose the builder that matches your team

Platform UI (visual builder)

The Platform UI is a web-based visual builder. Zapier describes it as a visual way for builders who are comfortable with APIs but prefer a form editor to writing everything in code. It supports advanced calls and response parsing via “Code mode,” but it’s primarily designed as a visual configuration workflow.

Best for Fast iteration, smaller teams, integrations that match common patterns, less local tooling.
Tradeoffs Harder to use git-based workflows and CI; complex logic can become harder to maintain.

Platform CLI (local JavaScript)

The Platform CLI is a command line workflow for building, testing, and pushing Zapier integrations from your local environment. Zapier’s docs describe it as your gateway to creating custom applications with a code-first approach (installable via npm). It supports version control, team collaboration, and CI-friendly deployment patterns.

Best for Engineering teams, complex logic, shared libraries, code review, CI/CD, TypeScript-friendly workflows.
Tradeoffs More setup (Node tooling), requires coding comfort, may feel heavier for simple integrations.

Under the hood: Zapier Platform v3

Zapier notes that all new integrations are built using Zapier Platform v3. You’re essentially shipping a set of “building blocks” (triggers/actions/searches) that Zapier can execute on behalf of the user’s Zaps.

A Zap is simple conceptually: one trigger starts the workflow, then one or more actions run. Some action steps are “searches” (find something before creating/updating something else).

3) Triggers, Actions, and Searches (the primitives of a Zapier integration)

What you build; what Zapier runs; what users see in the Zap editor

Triggers

Every Zap begins with a trigger. Zapier describes triggers as how users start automated workflows when an item is added or updated in your app: new contacts, records, tasks, form entries, etc.

Actions

Actions are the steps a Zap performs after the trigger fires. Actions commonly create or update data: create a CRM lead, post a message, add a spreadsheet row, update a database record, generate a document, etc.

Searches

Searches are a special class of action that “finds” something rather than creating it. Zapier’s platform includes a dedicated “Search action” type so users can locate an existing record before deciding what to do next (e.g., “Find contact, then update it; otherwise create it”).

Polling vs instant triggers

Triggers usually come in two flavors:

  • Polling triggers: Zapier calls your endpoint on an interval and checks for new items.
  • Instant triggers (REST Hook triggers): Zapier subscribes to your server and your app pushes events to a Zap-specific URL.

Zapier’s docs for REST Hook triggers explain that Zapier uses a unique URL per activated Zap; your server sends a payload to that URL to trigger the Zap immediately.

Input fields and output fields

Integrations live or die on UX details:

  • Input fields define what a user can configure in a Zap step (e.g., “Project,” “Assignee,” “Message”).
  • Output fields define what data becomes available to later steps (e.g., record ID, timestamps, URLs).

A good practice is to model fields to match your API semantics, keep labels user-friendly, and include help text that explains where the user finds required values (especially API keys).

A practical mental model for builders

Think of Zapier as running a small “adapter” for your product. Your adapter defines:

  • How users authenticate
  • How Zapier fetches items (triggers/searches)
  • How Zapier creates/updates items (actions)
  • How to map user inputs → API requests → normalized output fields

The best integrations hide complexity: users shouldn’t need to understand your API to automate your product effectively.

4) Authentication: OAuth v2, API key, Basic, and Session Auth

The #1 cause of integration friction is account connection

OAuth v2 (preferred)

Zapier’s platform docs state that OAuth v2 is the preferred scheme when possible because it simplifies account connection and matches modern integration expectations. Users authenticate via your app’s site (authorization flow), and Zapier stores the token for subsequent API calls.

Zapier’s OAuth docs emphasize the redirect URL pattern: you configure your app’s OAuth settings with Zapier’s redirect URL, and the integration references redirect values like {{bundle.inputData.redirect_uri}} during the flow. 

// (Illustrative) OAuth v2 token exchange pattern in Zapier-style pseudo-code
// 1) User authorizes on your site (Zapier opens a popup)
// 2) Your app redirects back to Zapier with a code
// 3) Zapier exchanges code for token via your token endpoint
// 4) Zapier stores the token and includes it on future requests

API Key Auth (next best)

Zapier supports API key authentication as a common option after OAuth. Zapier’s docs recommend that if you use API keys, users should be able to obtain their key in your product without human intervention (no support tickets required). Your Zapier auth form should include clear help text so users can find the key quickly.

Good UX Provide a “copy API key” button inside your product + a direct deep link from Zapier help text.
Security note Use scoped keys when possible (read/write scopes), and allow revocation/rotation. 
// Example of API key auth usage conceptually:
// Authorization: Bearer <API_KEY>
// or header: X-API-Key: <API_KEY>
// Zapier can store the key and include it in requests for the user’s Zaps.

Basic Auth

Zapier supports Basic Authentication for legacy or simple services. It’s usually a last resort because it requires the user to provide credentials directly (username/password), which many modern products avoid.

If you must use Basic Auth, consider offering app-specific passwords or “API passwords” to reduce risk.

Session Auth

Zapier also supports Session Authentication, described as combining elements of Basic Auth and OAuth-like flows: Zapier exchanges user credentials for a token (similar to a browser session cookie), then uses that token for subsequent calls.

Session Auth is useful when your API uses a “login endpoint → session token” pattern and OAuth isn’t available.

Choosing auth (decision guide)

Auth type When to use Pros Cons
OAuth v2 Modern SaaS, multi-user, permissions/scopes, best UX Trusted flow, revocable tokens, can request scopes More setup, requires OAuth infrastructure
API key Simple developer tools, internal systems, tokens already exist Fast to implement, minimal redirects Users must find key; scope/rotation vary by product
Session Login → token style APIs without OAuth Matches existing auth flow Credentials handled in Zapier; token refresh patterns vary
Basic Legacy systems Easy to understand, widely supported Worst UX/security in modern contexts

Zapier’s docs explicitly recommend OAuth v2 where possible and treat API key as “next best.” That guidance is worth following because authentication friction is one of the biggest reasons users abandon setup.

5) Platform development workflow: build → test → version → publish

How to ship a reliable integration without breaking existing users

Build and test locally (CLI path)

The CLI tutorial walks through building an example app, testing, and pushing it to Zapier. The core idea is you define triggers/actions/searches in code, run tests (including manual “zap runs” in the editor), and then push versions. 

# Typical CLI-style workflow (illustrative)
npm install -g zapier-platform-cli
zapier login
zapier init my-app
zapier test
zapier push

Treat every push as a versioned release. Use Git tags + release notes so your team can trace behavior changes.

Build in the Platform UI (visual path)

The Platform UI tutorial focuses on building an integration with authentication, a trigger, and an action using a browser-based builder. This can be a fast route to an MVP integration when your logic maps cleanly to HTTP requests.

Recommendation Start with a minimal “core loop”: 1 trigger + 1 create action + 1 search action.
Then expand Add the top few actions users ask for (recommended triggers/actions docs are a helpful checklist).

Versioning and change management (don’t break Zaps)

Zapier integrations are used inside thousands of workflows. A seemingly small change can cause major disruptions: changing IDs, renaming required fields, or changing how deduplication works can trigger unexpected Zap runs.

Zapier’s “change perform method for polling trigger” guidance highlights that changing primary keys or endpoints can cause dedup issues and old records to trigger unexpectedly. In other words: once you ship a trigger, treat its output schema as a contract.

Best practice: add fields; don’t remove/rename critical ones. Keep a stable id (or equivalent) for deduplication, and if you must change it, plan a migration strategy and communicate clearly.

6) Powered by Zapier Workflow API: embed Zapier inside your product

Native workflow building, managed auth, and in-app Zap management

What is the Workflow API?

Zapier’s “Powered by Zapier” docs describe the Workflow API as a tool for building workflow experiences for your end users, letting them discover and manage workflows directly within your product. The “Getting Started” page describes it as access to the industry’s largest integration directory (thousands of apps), enabling users to craft and manage workflows in your UI.

If your goal is “Zapier inside my app” (not “my app inside Zapier”), this is the right product surface.

What you can build with Powered by Zapier

The embed toolkit is broader than endpoints. It typically includes:

  • Workflow creation UI that matches your product’s look and feel
  • Managed authentication flows so users can connect apps safely
  • Zap discovery and templates relevant to your product
  • Zap management (list, filter, inspect steps, enable/disable)

Zapier’s embed overview also notes that your integration must be published as a public integration in Zapier’s App Directory to use the embed solution.

Who should use this?

Situation Best Zapier surface Why
You want your app to appear in Zapier so users can automate it Developer Platform Build triggers/actions/searches; publish to directory
You want users to create workflows inside your product UI Workflow API (Powered by Zapier) Embed workflow builder + managed auth + zap creation APIs
You want an AI agent/assistant to run actions across apps Zapier MCP Standard tool protocol for AI clients to invoke actions

7) Workflow API endpoints: Apps, Authentications, Zaps

How embedded workflow builders discover apps and create/manage user workflows

Key endpoint families (high-level)

The Powered by Zapier API reference includes endpoints for listing apps, listing zaps, and managing authentications. A few examples from the docs include:

Category Example endpoints What it’s for
Apps GET /apps (v2) List apps (often sorted by popularity), help users choose triggers/actions
Zaps GET /zaps (v2) List the user’s zaps; can expand details and filter
Authentications GET /authentications, POST /authentications Managed auth objects used to create workflows

Tip: Don’t expose raw endpoints directly to browsers. Use a server-side proxy to protect secrets and enforce per-user quotas.

Listing a user’s zaps (v2)

Zapier’s “retrieving a list of zaps” guidance mentions leveraging the /zaps endpoint, filtering by input values, using the expand parameter to include more detail (like step info), and using scopes such as zap:all to return all owned Zaps on a user’s account (depending on paired apps). 

// (Illustrative) Fetch Zaps
GET https://api.zapier.com/v2/zaps
Authorization: Bearer <User Access Token>

# Optional: expand details
GET /v2/zaps?expand[]=steps

Authentications (managed auth objects)

The Workflow API includes authentication endpoints used to create and retrieve “Authentications” for a given app. The docs note that listing authentications returns those owned by the user (since you can’t create Zaps with authentications you don’t own). 

// (Illustrative) List Authentications for an app
GET https://api.zapier.com/v2/authentications?app_id=123
Authorization: Bearer <User Access Token>

# Create an Authentication (server-side)
POST https://api.zapier.com/v2/authentications
Authorization: Bearer <User Access Token>
Content-Type: application/json

Authentication for Workflow API (User Access Token + OAuth scopes)

Powered by Zapier’s authentication docs describe multiple methods depending on which endpoints you’re calling. One commonly referenced method is a User Access Token that requires choosing the correct OAuth scopes for your use case. The docs also note that a Client ID and Client Secret are available after your app is published as a public integration, and that regenerating the client secret invalidates the previous secret.

Practical takeaway: treat user access tokens like high-value secrets. Scope them minimally, store them securely, and rotate if you suspect leaks.

8) Zapier MCP (Model Context Protocol): connect AI assistants to Zapier actions

The modern “AI tool” surface; beta and included in plan

What Zapier MCP is

Zapier describes MCP as a standardized way to connect AI assistants to thousands of apps and services, enabling an AI to take real actions (send messages, create tasks, update records) through natural language commands. Zapier MCP is currently in beta and part of your existing Zapier plan.

Best for AI assistants that need “tools” to do work, not just talk.
Examples “Create a Trello card,” “Update a HubSpot deal,” “Add a Google Calendar event,” “Send a Slack message.”

Quickstart concept (how MCP works)

MCP integrations typically involve:

  1. Configure a Zapier MCP server in Zapier’s dashboard
  2. Connect it to an MCP client (an AI assistant / agent platform)
  3. The client calls tools; Zapier executes actions and returns results

Zapier’s MCP quickstart describes getting up and running in minutes and notes it works similarly across MCP clients (Claude is a common example).

MCP usage & billing (beta)

Zapier’s MCP usage overview explains how usage is tracked, what limits apply, and how billing works during beta. The key point called out in multiple MCP pages: MCP is currently in beta and part of your existing Zapier plan.

Product design tip: if you ship MCP-based features, build clear user messaging around permissions, connected accounts, and what the AI is allowed to do. “AI that can act” requires higher trust than “AI that can chat.”

Important note: AI Actions vs MCP

Zapier previously offered “AI Actions” as a natural language action API for AI products; however, Zapier’s help documentation states that AI Actions is no longer being developed and supported and points users to Zapier MCP as the fully supported experience.

Translation: if you’re starting fresh, prioritize MCP for new AI agent integrations.

9) Webhooks, API Request steps, and “bring your own API” patterns

How Zapier users call APIs even without a custom integration

Webhooks by Zapier (user-facing API calls)

Many Zapier users rely on Webhooks steps when an app doesn’t have a dedicated action, or when they need a custom endpoint. This is important for you as a developer because:

  • Your API should support clean JSON responses (and meaningful errors).
  • You should document header auth patterns clearly (Bearer token, API key headers, etc.).
  • You should provide stable IDs in response payloads so users can map outputs.

If your product has customers who build Webhooks-based Zaps, creating an official Zapier integration can dramatically improve UX and reduce support load.

Instant triggers via REST Hooks

Zapier supports instant triggers using REST Hook subscriptions. Zapier’s docs describe that Zapier subscribes to your server with a unique URL per Zap, and your app posts event payloads to that URL when the trigger event occurs.

This model is often more real-time than polling and can reduce API load—if your webhook infrastructure is reliable and secure. 

// (Illustrative) Your server pushes a trigger event:
POST https://hooks.zapier.com/hooks/catch/...unique-per-zap...
Content-Type: application/json

{
  "id": "evt_123",
  "type": "contact.created",
  "created_at": "2026-02-08T10:11:12Z",
  "contact": { "id": "c_999", "email": "user@example.com" }
}

10) Best practices: reliability, security, and scale

What high-quality Zapier integrations do differently

Reliability checklist

  • Idempotency: create actions should be safe to retry; use idempotency keys if your API supports them.
  • Stable primary keys: keep a stable id field for dedup and record linking.
  • Pagination: ensure triggers/searches support pagination (limit/offset/cursor).
  • Rate limits: handle 429s gracefully; Zapier may retry; your API should return clear headers when possible.
  • Timeouts: keep endpoints fast; avoid long-running synchronous operations; consider async job endpoints.

Zapier workflows are often business-critical. Small reliability issues show up as “Zap failed” tickets—so invest early in clean errors and consistent schemas.

Security checklist

  • Use OAuth v2 when possible and scope tokens minimally.
  • Rotate secrets (client secrets, API keys) and support revocation.
  • Webhook verification: sign webhook payloads or include shared secrets to prevent spoofing.
  • Least privilege: do not over-request OAuth scopes “just in case.”
  • Auditability: log action runs server-side with request IDs and user IDs (privacy-aware).

UX best practices (how to make users love your Zapier integration)

Use friendly field labels and add help text that points users to where they find required values in your app.

Return human-readable names along with IDs so users can map fields without guesswork.

Offer search actions for common objects (contacts, accounts, projects) so users can build “find-or-create” flows.

Provide sample data that looks realistic (not empty placeholders) to make mapping easier.

Keep defaults sensible: newest-first triggers, clear sorting, and safe limits.

Document edge cases: permissions, deleted records, partial fields, and how updates behave.

Production architecture patterns

Zapier Platform integrations are “serverless” from your perspective—Zapier calls your endpoints on behalf of users. But you still want a production-grade API and a robust integration strategy:

Area Recommended approach Why it matters
API stability Version your API; keep fields backwards compatible; deprecate slowly Prevents breaking existing Zaps
Webhooks Signed payloads + retry queues + deduplication Instant triggers are only as good as your webhook delivery
Rate limiting Per-tenant quotas; return clear 429s; exponential backoff guidance Protects your infrastructure; improves support outcomes
Observability Request IDs, structured logs, dashboards, and alerting Faster debugging, fewer escalations
Permissions Least privilege OAuth scopes; granular API keys Reduces blast radius if tokens leak

If you embed Zapier using Workflow API, add an additional layer: a secure backend that stores user access tokens and enforces “who can build what” inside your product experience.

11) Zapier API FAQ

Fast answers to the questions developers ask most
Is there a single “Zapier REST API” for everything? +
Not exactly. “Zapier API” can refer to the Developer Platform (build integrations), the Powered by Zapier Workflow API (embed Zap creation/management inside your product), or Zapier MCP (AI assistants calling actions as tools). Pick the surface that matches your goal.
How do I make my product appear in Zapier’s App Directory? +
Use the Zapier Developer Platform to build a Zapier integration (triggers/actions/searches), test it, version it, and submit it for review/public listing. Zapier notes that new integrations use Platform v3 and can be built in the Platform UI or Platform CLI.
What’s the difference between Workflow API and building a normal integration? +
A normal integration makes your app usable inside Zapier (users create Zaps in Zapier). Workflow API brings Zapier’s workflow creation and management into your app, letting your users build and manage workflows without leaving your product.
What authentication should I use for a Zapier integration? +
Zapier’s platform guidance prefers OAuth v2 when available. API key auth is commonly the next best option. Basic and Session Auth are supported but usually less ideal. Choose the approach that matches your product’s security model and user experience.
How do instant triggers work? +
Instant triggers typically use REST Hook triggers. Zapier subscribes to your server with a Zap-specific URL. When the event happens in your app, your server posts the payload to that unique URL and the Zap fires immediately.
Should I build AI Actions or MCP for agents? +
Zapier’s own help content indicates AI Actions is no longer being developed and supported, and recommends Zapier MCP as the supported path. For new AI integrations, MCP is generally the direction to prioritize.
Can users call my API through Zapier even if I don’t have an integration? +
Often yes, through Webhooks / API Request-style steps. But it’s usually a worse UX than a dedicated integration because users must handle auth headers, request bodies, pagination, and parsing themselves. An official integration reduces friction and support load.
What’s the biggest mistake developers make with Zapier integrations? +
Breaking changes: changing IDs or core output fields, changing dedup behavior, or removing fields that existing Zaps rely on. Treat your trigger/action output schema like a public API contract, and use versioning/migrations when changes are unavoidable.

12) Official Zapier docs (primary references)

Use these to verify current behavior, scopes, endpoints, and product availability

Official documentation is the source of truth. These links are the best starting points:

If you need to implement something precisely (scopes, endpoint request schemas, or webhooks), always cross-check the exact doc page for that endpoint, because platform behavior and requirements can change over time.