Reference user-entered details with data bundles

Zapier stores data from users’ authentication and input forms for API calls in the bundle object. You can reference that data in your integration using {{bundle.bundleName.field}} text in API requests and connection labels, replacing bundleName with the bundle name and field with the input field key or API response field key you need. You can also reference bundles in custom code if you switch to Code Mode for a request, using the same name but without the curly brackets, for example return bundle.bundleName.field; to have JavaScript code return a specific field.

If an API response includes a nested field, you can reference it as field.nestedfield, for example {{}} to reference a name nested field inside the data field.

Zapier integrations include the following bundles:

  • authData
  • inputData
  • meta
  • rawRequest and cleanedRequest
  • outputData
  • targetURL
  • subscribeData
  • process.env


Reference with: {{bundle.authData.field}}

Includes data users enter into the authentication input form, including the username field for basic authentication and any other field added to the authentication input form with other authentication methods. Additionally, with OAuth v2, session authentication, and digest authentication, authData includes all data returned by the Token Exchange Endpoint url, referenced with the following, replacing field with the field name from your API response: {{bundle.authData.field}}

For example, the Access Token value will often be accessed via {{bundle.authData.access_token}} or {{bundle.authData.accessToken}}.

However, the authData bundle does not support nested objects: all values returned from authentication functions need to be at the top level. This bundle also does not include values provided by intermediate steps in OAuth v2 or session authentication flows, like redirect_uri.

Commonly used authData fields include:

  • Username: {{bundle.authData.username}}
  • Password: {{bundle.authData.password}}
  • Access Token: {{bundle.authData.access_token}} or {{bundle.authData.accessToken}}


Reference with: {{bundle.inputData.field}}

In authentication configuration, including connection labels, inputData contains the fields returned from the test API call, as well as some values provided by intermediate steps in more complex auth flows, such as the OAuth v2 redirect_uri. Values returned by the test API call are typically used to add a connection label to new integration connections.

In triggers and actions, inputData contains the data that users enter into the input forms for this particular run of the trigger or action. The {{curlies}} (mapped fields from previous Zap steps) are rendered with their raw data from previous steps.

If you want the input field data with the original {{curlies}} and not the data from previous steps, use {{bundle.inputDataRaw.field}} instead. This is less common.

Commonly used inputData fields include:

  • Zapier Redirect URI: {{bundle.inputData.redirect_uri}}
  • Authorization Code: {{bundle.inputData.code}}
  • ID of selected triggering event: {{}}


Reference with: {{bundle.meta.field}}

bundle.meta contains information on what the user is doing. It has the following options for field:

key default description
isLoadingSample false If true, this run was initiated manually via the Zap Editor
isFillingDynamicDropdown false If true, this poll is being used to populate a dynamic dropdown. You only need to return the fields you specified (such as id and name), though returning everything is fine too
isPopulatingDedupe false If true, the results of this poll will be used to initialize the deduplication list rather than trigger a zap. You should grab as many items as possible. See also: deduplication
limit -1 The number of items you should fetch. -1 indicates there’s no limit. Build this into your calls insofar as you are able
page 0 Used in paging to uniquely identify which page of results should be returned
isTestingAuth false (legacy property) If true, the poll was triggered by a user testing their account (via clicking “test” or during setup). We use this data to populate the auth label, but it’s mostly used to verify we made a successful authenticated request

rawRequest and cleanedRequest

Note: bundle.rawRequest and bundle.cleanedRequest are only available in the perform for webhooks, getAccessToken for OAuth v2 and performResume in callback actions.

Reference with: {{bundle.rawRequest}} or {{bundle.cleanedRequest.field}}

It includes the raw or cleaned information, respectively, from the HTTP request that triggered the perform method, or from the user’s browser request that triggers the getAccessToken call from OAuth v2 authentication. You can reference individual fields with cleanedRequest.

Use bundle.rawRequest if you need access to header data. In bundle.rawRequest, headers other than Content-Length and Content-Type will be prefixed with Http-, and all headers will be named in Camel-Case.


Reference with: {{bundle.outputData}}

Note: bundle.outputData is only available in the performResume in a callback action - read about that advanced functionality here.

Using bundle.outputData will return a whatever data you originally returned in the perform, allowing you to mix that with bundle.rawRequest or bundle.cleanedRequest.


Referenced with: {{bundle.targetUrl}}

In triggers using REST hooks, this returns the URL your app should send data to when the triggering event occurs, such as


Referenced with: {{bundle.subscribeData}}

In triggers using REST hooks, this includes the data returned by your API from the performSubscribe function. This should include all information needed to send a DELETE request to your server to stop sending webhook data to Zapier when the user turns off a Zap.


Reference with: {{process.env.field}}

Commonly used process.env fields include:

  • Client Secret: {{process.env.CLIENT_SECRET}}
  • Client ID: {{process.env.CLIENT_ID}}

Need help? Tell us about your problem and we’ll connect you with the right resource or contact support.