Zapier MCP: How to Connect Your AI to Thousands of Apps

Zapier MCP is Zapier's official remote Model Context Protocol server. It lets an AI assistant or agent take real actions across Zapier's app library (sending a Slack message, drafting an email, updating a CRM record) through natural-language tool calls, and you never write a single per-app API integration. You spin up a server at mcp.zapier.com, pick which app actions to expose, and connect a client like Claude, Cursor, or ChatGPT over a single URL. This guide covers what the server is, how to set it up, what tool calls actually look like, and how to keep the whole thing secure.

What is Zapier MCP?

In Zapier's own words, Zapier MCP is a "standardized way to connect AI assistants to thousands of apps and services" that lets "your AI take real actions." Zapier's official pages cite 9,000+ apps and 30,000+ actions (zapier.com/mcp, docs.zapier.com). The GitHub repo states a higher 40,000+ actions, so treat the exact count as approximate and vendor-stated. The tagline on zapier.com/mcp gets the value across: "Your AI can talk. Zapier MCP makes it act."

The Model Context Protocol itself is an open standard, originally developed by Anthropic and since picked up across the AI ecosystem. Clients including Claude and ChatGPT support it. Think of MCP as a two-way bridge between AI assistants and external tools. Zapier didn't invent the protocol. Its contribution is breadth. Instead of building a bespoke integration for every app your agent touches, you get one governed connection sitting on top of Zapier's integration and credential-management infrastructure, which the company has been building since it was founded in 2011.

Official vs community servers

Let's be precise about what exists. Zapier MCP is the official, first-party server, owned by Zapier, Inc. The zapier/zapier-mcp repository on GitHub (MIT-licensed) hosts setup guides and official Zapier plugins/tooling for the service. The MCP server itself runs in Zapier's cloud as a hosted product, though. You don't stand it up or npm install it yourself. So there's no reason to reach for a community fork. The canonical implementation is Zapier's hosted product.

Zapier MCP vs Zapier Agents

Zapier ships two related but distinct products. Zapier MCP connects an external AI client (Claude, Cursor, ChatGPT) to your apps via the protocol. It's aimed at developers and people working inside an AI chat tool. Zapier Agents are no-code AI agents that run inside Zapier's own web interface for non-technical users. Want your existing AI client to take actions? You want Zapier MCP.

How Zapier MCP works

Enable a specific app action on your server, say Gmail: Send Email, and that action becomes a dedicated tool your AI can call, with typed parameters like to, subject, and body. The set of tools your agent sees is exactly the set of actions you enabled, plus some configuration metadata. This is Zapier's "classic" server mode.

There's also a newer agentic mode (in Beta) that exposes a small set of static meta-tools, 14 of them, instead of one tool per action. These include list_enabled_zapier_actions (see currently enabled actions), discover_zapier_actions (find available apps), enable_zapier_action (add one), and execute_zapier_read_action / execute_zapier_write_action (run read or write actions). The agent can discover and execute actions in-chat. Since it's Beta, the exact tool list may shift.

One important detail: Zapier manages authentication, encryption, and rate limiting centrally. Your underlying app credentials (your Gmail OAuth token, your Salesforce login) are never exposed to the AI client. The client only ever sees the Zapier MCP endpoint.

How to set up Zapier MCP

Setup is mostly UI-driven and takes a few minutes. No terminal or config files needed for clients with native remote-MCP support.

Step 1: Create your MCP server

Per Zapier's help docs:

1. Go to mcp.zapier.com.
2. Click + New MCP Server.
3. Select your client from the dropdown (ChatGPT, Claude, Cursor, VS Code, Windsurf, Microsoft Copilot Studio, or Other).
4. Name the server and click Create MCP Server.

Step 2: Add and scope actions

Open the Configure tab, click + Add tool, search for an app, and choose specific actions (or Add all tools). Pick or create a connection to the underlying app and configure any fixed field values. Scope deliberately. Only enable the actions this particular agent actually needs.

Step 3: Choose authentication

Zapier MCP supports two auth methods, per the GitHub repo and client docs:

• API Key: best for personal use and local development. Generated at mcp.zapier.com.
• OAuth: best for building apps where end users connect their own Zapier account. The OAuth connect endpoint is https://mcp.zapier.com/api/v1/connect.

Step 4: Connect your client

Open the Connect tab for client-specific instructions and your server URL. The current transport is Streamable HTTP.

Important transport note: Per Zapier's docs, clients must support streamable HTTP, and Zapier states it "no longer support[s] SSE MCP servers." Plenty of 2024/early-2025 tutorials show the legacy pattern below, using an actions.zapier.com/.../sse URL bridged through npx mcp-remote:

{
  "mcpServers": {
    "zapier-mcp": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://actions.zapier.com/mcp/sk-ak-<id>/sse"
      ]
    }
  }
}

That legacy SSE endpoint is deprecated. Use the URL and instructions generated on your server's Connect tab instead. The mcp-remote bridge (a local stdio-to-remote shim that needs Node) is now only required for clients that can't speak remote HTTP MCP natively. Native clients connect directly by URL/OAuth.

Cursor: open settings, go to the MCP tab, click Add MCP Server, and paste the JSON config containing your Zapier MCP URL.

ChatGPT: add the server as a Custom Connector. Note that you must enable Developer Mode and manually refresh after changing tools.

Claude: connect via your Zapier-generated URL. MCP access is plan-dependent and may require organization-owner status.

Step 5: Test a tool call

Ask your AI client something concrete. For example:

Send a Slack message to #general saying the deploy finished.

The model picks the matching tool (e.g., a Slack "send channel message" action), fills the parameters, and Zapier runs the action. Check the History tab to confirm. It logs every action, with filtering.

Example capabilities

Zapier MCP shines on cross-app workflows where no single app owns the logic. Documented examples include:

• Support triage: read and classify a Zendesk ticket, route it to the right team, and notify Slack.
• Meeting recaps: draft a recap email after every client meeting.
• Daily summaries: summarize a busy Slack channel and draft replies.
• Content ops: read a Notion brief and write a first draft of a blog post.

Cross-app patterns like lead qualification and CRM enrichment show up a lot too. Just plan your scoping carefully for any workflow that writes to a system of record.

Permissions and security

Convenience concentrates risk. Zapier MCP puts action-taking power and credential access behind one endpoint. Treat the following as table stakes.

Treat the server URL like a password

Zapier is blunt about this: "Your MCP server URL is like a password. Do not share it, as it can be used to run your actions and access your data." If a URL leaks, rotate it with the Rotate token button on the Connect tab to invalidate the old one. OAuth-connected clients can be cut off immediately by deleting the server.

Least privilege

Enable only the actions an agent needs, and prefer read-only where you can. Zapier supports per-action toggles. You can, for instance, let a team look up a Salesforce contact but not delete one. Give each agent its own server rather than one over-scoped server shared across many.

Understand the residual risks

Independent commentators flag real concerns worth designing around. App tokens live in Zapier's multi-tenant cloud, and prompt injection / tool-poisoning attacks can trick an agent into misusing its access. So keep a human in the loop for sensitive actions, scope tightly, and audit via the History log. Zapier advertises SOC 2 Type II compliance, encrypted/rotated credentials, and centrally managed authentication and rate limiting. Useful stuff, but not a substitute for least-privilege design on your end.

Cost economics

Each successful tool call burns two Zapier tasks from your existing plan. Failed calls don't count. Zapier MCP is available on all plans with no separate contract, but the math matters: a Free plan's 100 tasks/month is roughly 50 MCP tool calls. Confirm current task-cost terms on the live docs before you rely on them, since they can change.

Troubleshooting

Most connection failures land in a few known buckets. Several are covered directly in Zapier's help docs on sign-in completing in the browser but the client not connecting:

• Sign-in completes in the browser but the client never connects. Common with terminal-based clients and interfering browser extensions. Restart the client (Claude Desktop especially) and disable conflicting browser extensions.
• WSL callback failures. OAuth browser callbacks may not reach Claude Code on WSL. Run from a native Windows or macOS terminal instead.
• Older Cursor/Windsurf OAuth bug. Some versions hit a known sign-in bug that stops the connection completing. Update the client.
• Old SSE URL won't connect. The actions.zapier.com/.../sse endpoint is deprecated. Regenerate from the Connect tab.

Where Zapier MCP fits in the AI-agent stack

Zapier MCP is the fastest no-code on-ramp to action-taking AI. It turns app actions into MCP tools an assistant can call on demand, which makes it ideal for chatbot-driven, human-in-the-loop work. But it's one point on a spectrum. The broader, more durable pattern is event-triggered AI agents that use MCP servers as tools to act on external systems through APIs. These are agents that fire on events, not just chat prompts, and run multi-step logic with tighter governance and latency control.

That's the category gamut.so (built by Datawizz) operates in: an AI agent knowledge workforce where agents are triggered by events and act through APIs, using MCP servers (the Zapier MCP server included) as tools. When you need autonomous, event-driven execution rather than a human typing into a chat window, that's where teams tend to graduate from a hosted gateway to purpose-built agents.

FAQ

What is Zapier MCP and how does it work?

It's a hosted MCP server that exposes Zapier's app actions as callable tools to AI clients. You enable specific actions, the AI calls them via natural language, and Zapier executes the action against your connected apps.

Who created Zapier MCP and the Model Context Protocol?

Zapier, Inc. makes Zapier MCP. The underlying Model Context Protocol was originally created by Anthropic.

How much does Zapier MCP cost?

It's included on all Zapier plans, but each successful tool call consumes two Zapier tasks from your plan's quota.

Which AI tools work with Zapier MCP?

Officially listed clients include Claude, ChatGPT, Cursor, VS Code, Windsurf, and Microsoft Copilot Studio, plus Python and TypeScript SDKs.

Does Zapier MCP use OAuth or an API key?

Both. API Key suits personal/local use; OAuth suits apps where end users connect their own Zapier account.

What transport does Zapier MCP use?

Streamable HTTP. The legacy SSE transport is no longer supported.

What's the difference between Zapier MCP and Zapier Agents?

Zapier MCP connects external AI clients to your apps via the protocol; Zapier Agents are no-code agents that run inside Zapier's own interface.

Is Zapier MCP secure?

Zapier manages auth, encryption, and rate limiting, and advertises SOC 2 Type II. Your app credentials aren't exposed to the AI client, but the server URL must be treated as a secret, and you should scope actions tightly.