Our user’s security is paramount. By default, we deny any embedding of our product unless you provide us with a list of domains that you expect to embed Zapier in. This protects the user from malicious activities like Clickjacking. An example of what the user would see if you were to attempt to embed Zapier and the embedding domain was not registered with us:
NOTE: the App Directory and Zap Template Elements are exempt from this as users are required to log in to their Zapier account after clicking on a Zap Template link.
To provide us a list of unique domains you’ll embed Zapier in:
- if you’ve already embedded our Product, you’re in luck! We should have already captured this and have permitted your product domains. Should we have missed any, navigate to the Embed > Settings section of the Developer Platform, and add the missing domains under the
- else if you’ve already applied for a Partner API access: contact firstname.lastname@example.org and include the domains you’d like to register.
- otherwise, when you apply for the Partner API access you’ll have the opportunity to supply us the embedding domains inside of the form.