Zapier api reference | Cantina Docs

Endpoint to create a Zapier subscription.

post

This is how a Zap (An automated Zapier workflow that connects Cantina to other apps that have Zapier integrations) makes a subscription request to Cantina to be notified (via webhook) of events.

The payload contains a target_url which is the URL used as the webhook.

See https://docs.zapier.com/platform/build/hook-trigger#subscribe

Access control rules

The requester is authenticated.
The requester must be an admin for the given repository.

Body

all ofOptional

one ofOptional

or

and

Responses

201

Creation successful

application/json

400

Bad request

application/json

401

Access not authorised

application/json

403

Access forbidden

application/json

500

Internal server error

application/json

post

POST /api/v0/zapier/subscriptions HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 99

{
  "repositoryId": "123e4567-e89b-12d3-a456-426614174000",
  "kind": "finding_created",
  "targetUrl": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000"
}

Endpoint to retrieve a Zapier subscription.

get

Access control rules

The requester is authenticated.
Non admin can retrieve only their subscription.
Admin can retrieve any subscription.

Path parameters

idstring · uuidRequired

Responses

200

A Zapier subscription

application/json

Responseall of

one ofOptional

or

and

400

Bad request

application/json

401

Access not authorised

application/json

403

Access forbidden

application/json

500

Internal server error

application/json

get

GET /api/v0/zapier/subscriptions/{id} HTTP/1.1
Host: 
Accept: */*

{
  "repositoryId": "123e4567-e89b-12d3-a456-426614174000",
  "kind": "finding_created",
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "userId": "123e4567-e89b-12d3-a456-426614174000",
  "targetUrl": "text"
}

Endpoint to return sample data for the Zap editor, helping users test triggers and map fields before activating their Zap.

get

See https://docs.zapier.com/platform/build/hook-trigger#perform-list

Access control rules

The requester is authenticated.

Path parameters

event_kindstring · enumRequired

Kind of event

Possible values:

Responses

200

List of zapier sample events

application/json

400

Bad request

application/json

401

Access not authorised

application/json

403

Access forbidden

application/json

500

Internal server error

application/json

get

GET /api/v0/zapier/subscriptions/events/{event_kind}/sample HTTP/1.1
Host: 
Accept: */*

[
  {
    "repositoryId": "123e4567-e89b-12d3-a456-426614174000",
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "number": 1,
    "title": "text",
    "severity": "critical",
    "likelihood": null,
    "impact": null,
    "assetGroup": null,
    "assets": [
      "123e4567-e89b-12d3-a456-426614174000"
    ],
    "createdAt": "2025-08-04T07:29:48.775Z",
    "kind": "finding_created"
  }
]

Deletes a Zapier subscription.

delete

Access control rules

The requester is authenticated.
Non admin, can only delete thier own subscriptions.
Admin can delete any subscription.

Path parameters

idstring · uuidRequired

Responses

204

Zapier subscription successfully deleted

400

Bad request

application/json

401

Access not authorised

application/json

403

Access forbidden

application/json

404

Subscription not found

application/json

500

Error deleting subscription

application/json

delete

DELETE /api/v0/zapier/subscriptions/{id} HTTP/1.1
Host: 
Accept: */*

No content