Zapier & Make integration — connect FTC changes to 7,000+ apps

[bd73-com]

Summary

Add Zapier REST Hooks integration and Make webhook documentation so Power-tier users can connect FetchTheChange change events to thousands of external apps without running a server. Zapier subscribes/unsubscribes programmatically via new API endpoints; FTC delivers to registered hookUrls when changes fire. Make works via FTC's existing webhook system with a new dedicated docs page.

Changes

Backend — automation subscriptions

• New automation_subscriptions table (shared/schema.ts) with userId, platform, hookUrl, nullable monitorId, active flag, timestamps, and indexes
• Storage methods: count, create (with dedup/upsert), deactivate, get active, touch (server/storage.ts)
• AUTOMATION_SUBSCRIPTION_LIMITS.maxPerUser = 25 in shared/models/auth.ts
• ensureAutomationSubscriptionsTable() with unique partial dedup index (server/services/ensureTables.ts)
• Explicit cleanup in deleteMonitor transaction

Backend — delivery service

• deliverToAutomationSubscriptions() in server/services/automationDelivery.ts — fans out via ssrfSafeFetch with Promise.allSettled, no HMAC header, 5s timeout
• Wired into processChangeNotification() after conditions check, before hasActiveChannels gate — so Zapier fires even when all traditional channels are disabled

Backend — API endpoints

• POST /api/v1/zapier/subscribe — SSRF check, subscription limit, monitor ownership, dedup
• DELETE /api/v1/zapier/unsubscribe — accepts id from body or query param (proxy fallback)
• GET /api/v1/zapier/monitors — monitor list for Zapier input dropdown
• GET /api/v1/zapier/changes — polling fallback for Zap testing (3 most recent)
• Zod schemas with hookUrl max(2048), coerced query params (shared/routes.ts)

Zapier CLI app

• Complete integrations/zapier/ project: package.json, index.js, authentication.js, triggers/monitorChanged.js, README.md
• Ready to submit to Zapier partner program (not deployed as part of this PR)

Frontend — documentation pages

• /docs/zapier — setup guide, payload reference, example Zap recipes, troubleshooting
• /docs/make — step-by-step webhook setup with Make's Custom Webhook module
• Cross-links from /docs/webhooks and /developer integration guides section

Frontend — downstream surfaces

• Pricing: "Zapier integration (7,000+ apps, no server required)" in Power tier only
• UpgradeDialog: "Zapier integration (7,000+ apps)" in power features only
• Support FAQ: "Zapier & Make" section with 6 items (after API Access, before Troubleshooting)
• docsAccuracy.test.ts: 8 new tests for Zapier/Make routes, pricing, FAQ, upgrade dialog

Tests

• server/services/automationDelivery.test.ts — 8 tests: success/failure delivery, parallel fan-out, no HMAC header, console.log on success
• shared/zapierSchemas.test.ts — 14 tests for Zod schema validation

Tier gating

• Zapier endpoints: Power-only via existing apiKeyAuth middleware
• Make integration: Pro + Power (uses existing webhook channel)

Security hardening

• SSRF check on hookUrl at subscribe time (isPrivateUrl) + at delivery time (ssrfSafeFetch)
• hookUrl NOT returned in subscribe response (bearer credential)
• Subscription limit: 25 active per user
• Dedup: upsert logic + unique partial index at DB level
• No HMAC X-FTC-Signature-256 header sent to Zapier hookUrls
• hookUrl max length 2048 chars
• Conditions gate automation deliveries — Zap only fires if conditions pass

How to test

1. Generate a Power API key from dashboard
2. curl -X POST /api/v1/zapier/subscribe -H "Authorization: Bearer <key>" -H "Content-Type: application/json" -d '{"hookUrl":"https://webhook.site/your-id"}' → 201 with subscription id
3. Trigger a monitor check → confirm payload arrives at webhook.site
4. curl -X DELETE /api/v1/zapier/unsubscribe -H "Authorization: Bearer <key>" -H "Content-Type: application/json" -d '{"id":1}' → 204
5. Trigger another check → no payload (subscription inactive)
6. Visit /docs/zapier logged out → page renders
7. Visit /docs/make logged out → page renders
8. /pricing → "Zapier integration" in Power column only
9. /support → "Zapier & Make" section with 6 items
10. npm run check && npm run test && npm run build → all pass

https://claude.ai/code/session_01H4nfFd3LdtiMvS7UUNrsNB

Summary by CodeRabbit

• New Features

  • Zapier integration: Power tier users can connect to 7,000+ apps with automated triggers on monitored value changes
  • Make integration: Power/Pro tier users can integrate with Make via webhooks

• Documentation

  • New Zapier and Make integration guides with setup instructions and payload references
  • Expanded developer docs and a Zapier & Make FAQ section

[coderabbitai]

Warning

Rate limit exceeded

@bd73-com has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 13 minutes and 10 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 13 minutes and 10 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 52896ec2-3ad7-4790-8ca2-d966ab0a0506

📥 Commits

Reviewing files that changed from the base of the PR and between 9148d64 and 1274c52.

📒 Files selected for processing (1)

• integrations/zapier/triggers/monitorChanged.js

📝 Walkthrough

Walkthrough

Adds Zapier and Make integrations: new frontend docs/routes, Zapier CLI app, Zapier REST webhook API (subscribe/unsubscribe/monitors/changes) with SSRF checks and per-user limits, DB schema and storage for automation_subscriptions, delivery service for webhook dispatch, and wiring into notification processing.

Changes

Cohort / File(s)	Summary
Frontend routes & docs client/src/App.tsx, client/src/pages/DocsZapier.tsx, client/src/pages/DocsMake.tsx, client/src/pages/DocsWebhooks.tsx, client/src/pages/Developer.tsx	Added /docs/zapier and /docs/make pages and registered routes; cross-links from webhooks and developer pages.
Pricing / Marketing UI CHANGELOG.md, client/src/pages/Pricing.tsx, client/src/components/UpgradeDialog.tsx, client/src/pages/Support.tsx	Announced Zapier/Make entries; added Zapier feature to Pricing/Upgrade dialog and new FAQ section.
Zapier CLI app integrations/zapier/package.json, integrations/zapier/index.js, integrations/zapier/authentication.js, integrations/zapier/triggers/monitorChanged.js, integrations/zapier/README.md	New Zapier app: API-key auth, trigger implementation (subscribe/unsubscribe/list/perform), sample payload and README.
Server routes & schemas server/routes/zapier.ts, server/routes/v1.ts, shared/routes.ts	New v1 endpoints mounted at /api/v1/zapier/* with Zod schemas; endpoints include SSRF validation, validation error handling, subscription limits, monitor ownership checks, and changes polling.
Database schema & storage shared/schema.ts, server/services/ensureTables.ts, server/storage.ts	Added automation_subscriptions table, relations and types; ensure-tables initializer; extended storage interface for create/list/deactivate/count/touch and cleanup on monitor delete; added DB unique index for active subscription deduplication.
Automation delivery service server/services/automationDelivery.ts, server/services/automationDelivery.test.ts	New deliverToAutomationSubscriptions(): queries active subs, posts JSON payloads to hookUrl in parallel (Promise.allSettled), logs successes/failures, updates lastDeliveredAt, and has comprehensive tests for success, failures, and isolation.
Notification integration & startup server/services/notification.ts, server/routes.ts	Fires automation delivery as fire-and-forget during change processing (before channel active check); server startup ensures automation_subscriptions table exists and logs critical failure if missing.
Auth & limits shared/models/auth.ts	Added exported AUTOMATION_SUBSCRIPTION_LIMITS { maxPerUser: 25 }.
Tests & QA shared/zapierSchemas.test.ts, server/docsAccuracy.test.ts, server/routes.conditions.test.ts	Added schema unit tests, updated doc-accuracy and route-registration tests, and ensured ensureTables mock includes new table initializer. Critical paths validated in tests.

Sequence Diagram(s)

sequenceDiagram
    participant User as User / Zapier
    participant ZapierApp as Zapier CLI App
    participant FTC as FTC API (v1/zapier/*)
    participant DB as PostgreSQL
    participant Webhook as External Webhook URL

    User->>ZapierApp: Configure trigger (API key, monitor)
    ZapierApp->>FTC: POST /api/v1/zapier/subscribe { hookUrl, monitorId? }
    FTC->>FTC: Validate input (Zod) & SSRF check
    FTC->>DB: Insert automation_subscriptions row
    DB-->>FTC: Created subscription
    FTC-->>ZapierApp: { id, createdAt, ... }

    Note over FTC,DB: Later — change detected
    ZapierApp->>FTC: (not involved at event time)
    User->>FTC: Monitor change detected
    FTC->>FTC: Evaluate alert conditions
    FTC->>FTC: deliverToAutomationSubscriptions(monitor, change)
    FTC->>DB: Query active automation_subscriptions
    DB-->>FTC: [{ hookUrl, platform, id, monitorId }]
    FTC->>Webhook: POST payload to each hookUrl (parallel)
    Webhook-->>FTC: 200 OK / error
    FTC->>DB: touchAutomationSubscription(id) on success

Loading

sequenceDiagram
    participant Zapier as Zapier Platform
    participant ZapierApp as FTC Zapier App
    participant FTC as FTC API (v1/zapier/*)
    participant DB as PostgreSQL

    Zapier->>ZapierApp: Request monitors dropdown
    ZapierApp->>FTC: GET /api/v1/zapier/monitors
    FTC->>DB: SELECT monitors for user
    DB-->>FTC: [{ id, name, url, active }]
    FTC-->>ZapierApp: monitor list (for dropdown)

    Zapier->>ZapierApp: Request sample trigger data
    ZapierApp->>FTC: GET /api/v1/zapier/changes?monitorId=X&limit=3
    FTC->>DB: Query monitor_changes
    DB-->>FTC: [{ oldValue, newValue, detectedAt, ... }]
    FTC-->>ZapierApp: sample payloads

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Add per-monitor notification preferences #64 — related automation delivery and processChangeNotification integration work.
• Conditional alerts — filter notifications by numeric, text, and regex rules #129 — changes to notification condition-gating that intersect with automation dispatch ordering.
• Add public REST API with API key management (Phase 3) #77 — earlier API v1 surface and routing additions that this PR extends.

Security note: SSRF protections are added in subscribe endpoints and should be carefully reviewed for completeness (allowlist/regex, DNS/TCP blocking, and handling of redirects).

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 40.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and accurately summarizes the main feature: Zapier & Make integration enabling connection of FTC changes to thousands of apps.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/zapier-make-integration-lhMg8

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}