From 4830196938305e135bf052f8f4d010ea449d195d Mon Sep 17 00:00:00 2001 From: marinahand Date: Thu, 14 Mar 2024 16:33:46 -0600 Subject: [PATCH] adding publishbot and other misc changes --- docs/_build/authentication/apikeyauth.md | 2 +- docs/_build/authentication/basicauth.md | 2 +- docs/_build/authentication/digestauth.md | 2 +- docs/_build/authentication/oauth.md | 2 +- docs/_build/authentication/sessionauth.md | 2 +- docs/_embed/security.md | 6 ++++-- docs/_manage/versions/migrate.md | 2 +- docs/_manage/versions/promote.md | 2 ++ .../launch-process/integration-publishing-requirements.md | 4 ++-- docs/_publish/launch-process/public-integration.md | 2 +- 10 files changed, 15 insertions(+), 11 deletions(-) diff --git a/docs/_build/authentication/apikeyauth.md b/docs/_build/authentication/apikeyauth.md index 39b20c8f..e7d3ae4f 100644 --- a/docs/_build/authentication/apikeyauth.md +++ b/docs/_build/authentication/apikeyauth.md @@ -47,7 +47,7 @@ Since API Key authentication allows you to create a custom input form, you can u -- **Default Value**: Include a value for this field to be used as a fallback. For optional fields, the default value is set on initial connection creation and used in the API call instead of missing or null values every time the Zap runs. For required fields, this value is used during connection creation, but not when the Zap runs (Zapier raises an error for missing/null values instead). -- Input fields marked as password and all authentication fields with sensitive, private data such as API keys from API Key auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. +- Input fields marked as password and all authentication fields with sensitive, private data such as API keys from API Key auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. Due to this, it is not possible to view the exact tokens or keys in Zapier's logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example `:censored:6:82a3be9927:` would have the same value ending in 9927 when used in a subsequent call. - Computed fields are not applicable to API Key authentication and are only used with OAuth v2 and Session Auth. diff --git a/docs/_build/authentication/basicauth.md b/docs/_build/authentication/basicauth.md index 3269d676..061d9b4f 100644 --- a/docs/_build/authentication/basicauth.md +++ b/docs/_build/authentication/basicauth.md @@ -45,7 +45,7 @@ Use Basic Auth if your API requires a username and password or other basic field ![Zapier Basic Auth Input Form](https://cdn.zappy.app/f4346b3456ea0080862db2eae7108050.png) -- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from Basic Auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. +- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from Basic Auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. Due to this, it is not possible to view the exact tokens or keys in Zapier's logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example `:censored:6:82a3be9927:` would have the same value ending in 9927 when used in a subsequent call. - Computed fields are not applicable to Basic Authentication and are only used with OAuth v2 and Session Auth. diff --git a/docs/_build/authentication/digestauth.md b/docs/_build/authentication/digestauth.md index 8b10280d..eaf40a5e 100644 --- a/docs/_build/authentication/digestauth.md +++ b/docs/_build/authentication/digestauth.md @@ -40,7 +40,7 @@ Use Digest Auth if your API uses the [RFC 7616](https://tools.ietf.org/html/rfc7 **Default Value**: Include a value for this field to be used as a fallback. For optional fields, the default value is set on initial connection creation and used in the API call instead of missing or null values every time the Zap runs. For required fields, this value is used during connection creation, but not when the Zap runs (Zapier raises an error for missing/null values instead). -- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from Digest Auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. +- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from Digest Auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. Due to this, it is not possible to view the exact tokens or keys in Zapier's logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example `:censored:6:82a3be9927:` would have the same value ending in 9927 when used in a subsequent call. - Computed fields are not applicable to Basic Authentication and are only used with OAuth v2 and Session Auth. diff --git a/docs/_build/authentication/oauth.md b/docs/_build/authentication/oauth.md index 808d3423..d5461aa7 100644 --- a/docs/_build/authentication/oauth.md +++ b/docs/_build/authentication/oauth.md @@ -52,7 +52,7 @@ If your integration requires OAuth v1 authentication, use the [Platform CLI](htt -- **Default Value**: Include a value for this field to be used as a fallback. For optional fields, the default value is set on initial connection creation and used in the API call instead of missing or null values every time the Zap runs. For required fields, this value is used during connection creation, but not when the Zap runs (Zapier raises an error for missing/null values instead). -- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from OAuth v2 are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. +- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from OAuth v2 are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. Due to this, it is not possible to view the exact tokens or keys in Zapier's logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example `:censored:6:82a3be9927:` would have the same value ending in 9927 when used in a subsequent call. - Each input field is listed with its label, key, type, and required status in your authentication settings. Click the field to edit it, or click the gear icon and select _Delete_ to remove a field. diff --git a/docs/_build/authentication/sessionauth.md b/docs/_build/authentication/sessionauth.md index f8bed7f9..337f306f 100644 --- a/docs/_build/authentication/sessionauth.md +++ b/docs/_build/authentication/sessionauth.md @@ -42,7 +42,7 @@ Use Session authentication with your Zapier integration if your API is designed -- **Default Value**: Include a value for this field to be used as a fallback. For optional fields, the default value is set on initial connection creation and used in the API call instead of missing or null values every time the Zap runs. For required fields, this value is used during connection creation, but not when the Zap runs (Zapier raises an error for missing/null values instead). -- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from Session Auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. +- Input fields marked as password and all authentication fields with sensitive, private data such as both username and password from Session Auth are automatically censored at runtime. These values are stored in the Auth bundle and used in API calls, but are replaced in Zapier’s logs with a censored value like this `:censored:6:82a3be9927:`. Due to this, it is not possible to view the exact tokens or keys in Zapier's logs. To verify that the same token as was returned by the authentication, is being used in subsequent API calls; you can compare censored value characters, for example `:censored:6:82a3be9927:` would have the same value ending in 9927 when used in a subsequent call. - Each input field is listed with its label, key, type, and required status in your authentication settings. Click the field to edit it, or click the gear icon and select _Delete_ to remove a field. diff --git a/docs/_embed/security.md b/docs/_embed/security.md index 48951716..6b4eba0b 100644 --- a/docs/_embed/security.md +++ b/docs/_embed/security.md @@ -12,7 +12,7 @@ User security is paramount. By default, Zapier denies any embedding of our produ This protects the user from malicious activities like [Clickjacking](https://www.owasp.org/index.php/Clickjacking). An example of what the user would see if you were to attempt to embed Zapier and the embedding domain was not registered: -![](https://zappy.zapier.com/d417e90269bb019fcbe5718d18eb572d.png) +![](https://cdn.zappy.app/4fb49db62ac6d5c41df46db7ccf3aab7.png) **NOTE:** the App Directory and Zap Template Elements are exempt from this as users are required to log in to their Zapier account after clicking on a Zap Template link. @@ -32,4 +32,6 @@ This protects the user from malicious activities like [Clickjacking](https://www - `localhost`, `yourcomp.local` and `127.0.0.1` are not valid supported domains. An option during your embed development would be to use a tunnel service like [ngrok](https://ngrok.com/) and to register that ngrok tunnel with us. Be advised, that we will ask for a static domain from ngrok.com or similar tunneling service. -- If the domain you're embedding on is added to the allowlist within _Manage Domains_, but you're seeing the `This embed is blocked` error, the [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) may be too restrictive/overly strict. You'll want to check Console/Network for the appropriate request to see the [referrer-policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) header. Using `strict-origin-when-cross-origin` as the referrer-policy is recommended. +- If the domain you're embedding on is added to the allowlist within _Manage Domains_, but you're seeing the `This embed is blocked` error, the [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) may be too restrictive/overly strict. You'll want to check Console/Network for the appropriate request to see the [referrer-policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) header. Using `strict-origin-when-cross-origin` as the referrer-policy is recommended. + +- For local development, use [ngrok](https://ngrok.com/) to make `https` test URLs when needed, as using `http` would be blocked, even if the domain has been added to the allowlist. diff --git a/docs/_manage/versions/migrate.md b/docs/_manage/versions/migrate.md index c7297a0b..2f0a3fa6 100644 --- a/docs/_manage/versions/migrate.md +++ b/docs/_manage/versions/migrate.md @@ -19,7 +19,7 @@ Zapier recommends migrating a small portion of your existing users to the new in Major changes would cause active Zaps to error and potentially turn off. They would require users to manually update the Zap in order to get it working again. Learn more about [breaking changes to your integration](https://platform.zapier.com/manage/making-changes), best practices and the user impacts. -Zapier recommends not to attempt to migrate users for major changes. Instead [deprecate the version](https://platform.zapier.com/manage/versions-ui#deprecating-versions) to prompt users to [manually update to the latest integration version](https://help.zapier.com/hc/en-us/articles/18755649454989-Update-to-the-latest-app-version-in-Zaps). Please note that deprecating a version is significantly more disruptive to our mutual users than migrating to the latest promoted version, or than leaving users on an older (now) private version when migration is not possible. +Zapier recommends not to attempt to migrate users for major changes. **Migration is not required unless the older version will no longer function.** If necessary, you can [deprecate the version](https://platform.zapier.com/manage/versions-ui#deprecating-versions) to prompt users to [manually update to the latest integration version](https://help.zapier.com/hc/en-us/articles/18755649454989-Update-to-the-latest-app-version-in-Zaps). Please note that deprecating a version is significantly more disruptive to our mutual users than migrating to the latest promoted version, or than leaving users on an older (now) private version when migration is not possible. When users are left on an older private version, they will see a [prompt in the Zap editor](https://help.zapier.com/hc/en-us/articles/18755649454989-Update-to-the-latest-app-version-in-Zaps) to encourage them to make the update themselves. diff --git a/docs/_manage/versions/promote.md b/docs/_manage/versions/promote.md index c74e0d2b..355a6742 100644 --- a/docs/_manage/versions/promote.md +++ b/docs/_manage/versions/promote.md @@ -8,6 +8,8 @@ redirect_from: After your integration has entered the beta or public status, you can set a new default version for public use. This process is called promoting a version. +Prior to promoting a version, run the [automated validation checks](https://platform.zapier.com/publish/integration-checks-reference). All Errors and Publishing Tasks must be validated. Warnings are non-blocking and not strictly required to proceed as they would not prevent you from promoting a version, though we do recommend you review them for usability of your integration. + ## Promote a version with Platform UI 1. Log into the [Platform UI](https://zapier.com/app/developer). diff --git a/docs/_publish/launch-process/integration-publishing-requirements.md b/docs/_publish/launch-process/integration-publishing-requirements.md index 7910401e..716d778a 100644 --- a/docs/_publish/launch-process/integration-publishing-requirements.md +++ b/docs/_publish/launch-process/integration-publishing-requirements.md @@ -11,7 +11,7 @@ redirect_from: We are excited you are creating an integration for the [Zapier Platform](https://zapier.com/developer-platform). We are here to help you understand our platform and its requirements to successfully prepare your Zapier integration for publishing. Thousands of partners have built integrations on the Zapier Platform, so our mutual users can set up Zaps as easily and quickly as possible. -Your Zapier integration can pass the review for publishing process quickly and smoothly when it meets these requirements. The requirements help maintain quality and consistency for all integrations listed in our [App Directory](https://zapier.com/apps). Please review them carefully before submitting for review to ensure your integration is compliant. +Your Zapier integration can pass the review for publishing process quickly and smoothly when it meets these requirements. The requirements help maintain quality and consistency for all integrations listed in our [App Directory](https://zapier.com/apps). Please review them carefully before submitting for review to ensure your integration is compliant. Ask the [PublishBot](https://publishbot.zapier.app/) or write in via the [contact form](https://developer.zapier.com/contact) for any questions. The requirements are arranged into multiple sections: [General](https://platform.zapier.com/publish/integration-publishing-requirements#1-general), [Meta](https://platform.zapier.com/publish/integration-publishing-requirements#2-meta), [Authentication](https://platform.zapier.com/publish/integration-publishing-requirements#3-authentication), [Triggers](https://platform.zapier.com/publish/integration-publishing-requirements#4-triggers), [Actions](https://platform.zapier.com/publish/integration-publishing-requirements#5-actions), [Searches](https://platform.zapier.com/publish/integration-publishing-requirements#6-searches), [Error Handling](https://platform.zapier.com/publish/integration-publishing-requirements#7-error-handling), and [Code](https://platform.zapier.com/integration-publishing-requirements#8-code). @@ -34,7 +34,7 @@ Before submitting your [Zapier integration for app review](https://platform.zapi * Test early with real users. Use the [invite links to beta test](https://platform.zapier.com/manage/share-integration) the integration. * Enable backend services so they’re live and accessible during review. * Include detailed explanations of non-obvious features in the publishing request notes, including supporting documentation where appropriate. Integrations with unclear aspects may be rejected during the review. -* Your developer should review the [integration check reference documentation](https://platform.zapier.com/publish/integration-checks-reference) while building your integration in order to pass the automatic validation when submitting for publishing. +* Your developer should review the [integration check reference documentation](https://platform.zapier.com/publish/integration-checks-reference) while building your integration in order to pass the automatic validation when submitting for publishing. To publish your integration, all Errors and Publishing Tasks must be validated. Warnings are non-blocking and not strictly required to proceed as they would not prevent you from promoting a version, though we do recommend you review them for usability of your integration. ## 1. General diff --git a/docs/_publish/launch-process/public-integration.md b/docs/_publish/launch-process/public-integration.md index 8006cba9..19868fe4 100644 --- a/docs/_publish/launch-process/public-integration.md +++ b/docs/_publish/launch-process/public-integration.md @@ -63,7 +63,7 @@ Learn more about testing your integration: After you've confirmed your integration is working as expected, you're almost ready to publish your app. To publish your integration, you need to submit your app for review by Zapier. -Before submitting your integration, review [Zapier’s integration publishing requirements](https://platform.zapier.com/publish/integration-publishing-guidelines) to ensure they are met. +Before submitting your integration, review [Zapier’s integration publishing requirements](https://platform.zapier.com/publish/integration-publishing-requirements) or ask the [PublishBot](https://publishbot.zapier.app/) for a smoother app review process. To submit your integration for app review: