Security

Our user’s security is paramount. By default, we deny any embedding of our product unless you provide us with a list of domains that you expect to embed Zapier in. This protects the user from malicious activities like Clickjacking. An example of what the user would see if you were to attempt to embed Zapier and the embedding domain was not registered with us:

To provide us a list of unique domains you’ll embed Zapier in:

  • if you’ve already embedded our Product, you’re in luck! We should have already captured this and have permitted your product domains. Should we have missed any, please reach out to us so we can add your domain.
  • else if you’ve already applied for a Partner API access: contact partners@zapier.com and include the domains you’d like to register.
  • otherwise, when you apply for the Partner API access you’ll have the opportunity to supply us the embedding domains inside of the form.