@zapier/zapier-sdk-core 0.11.0 → 0.13.0

package/CHANGELOG.md

@@ -1,5 +1,28 @@
 # @zapier/zapier-sdk-core
 
+## 0.13.0
+
+### Minor Changes
+
+- eb48f58: Adopt canonical resource-shaped `ActionRunContext` for the
+  `POST /api/v0/approvals` request body.
+
+  The inline `RequestContext` / `ActionRunContext` / `HttpRequestContext`
+  Zod mirrors in `create-approval.ts` are deleted in favor of importing
+  the canonical `RequestContextSchema` directly from `@zapier/policy-context`
+  (now a runtime dependency). Action identity is now carried in a single
+  canonical `resource` field of the form
+  `action/{selected_api}/{action_type}/{action_key}`; the legacy
+  `{selected_api, action_type, action_key}` triple is still accepted on
+  input during the migration window and normalized to the canonical shape
+  before storage. No wire-level breaking change for existing callers.
+
+## 0.12.0
+
+### Minor Changes
+
+- 821a368: Add `POST /api/v0/approvals` endpoint. The SDK calls this to create an approval request after receiving a `403 x-zapier-error-type: approval_required` from a proxy or handler. The body carries a typed request context (`http_request` or `action_run`).
+
 ## 0.11.0
 
 ### Minor Changes

package/openapi.yaml

@@ -203,6 +203,166 @@ components:
       required:
         - dedupe_key
         - parameters
+    ApprovalResponse:
+      type: object
+      properties:
+        status:
+          type: string
+          enum:
+            - pending_approval
+            - approved
+            - denied
+          description: The current status of the approval request
+        approval_id:
+          type: string
+          description: Unique identifier for the approval request
+        approval_url:
+          type: string
+          description: URL for the user to visit and approve/deny the request
+        poll_url:
+          type: string
+          description: URL for the SDK to poll for status changes
+      required:
+        - status
+        - approval_id
+    ParsedUrl:
+      type: object
+      properties:
+        scheme:
+          type: string
+          description: URL scheme, e.g. "https"
+        host:
+          type: string
+          description: Hostname, e.g. "api.example.com"
+        port:
+          type: integer
+          description: Port number (defaults to 443 for https, 80 for http)
+        path:
+          type: string
+          description: URL path, e.g. "/v1/foo"
+        query:
+          type: object
+          additionalProperties:
+            type: array
+            items:
+              type: string
+          description: Query parameters as key to string array mapping
+      required:
+        - scheme
+        - host
+        - port
+        - path
+        - query
+      description: Parsed URL components for policy condition matching
+    HttpRequestContext:
+      type: object
+      properties:
+        request_type:
+          type: string
+          enum:
+            - http_request
+          description: Context type discriminator
+        method:
+          type: string
+          maxLength: 10
+          description: HTTP method
+        url:
+          $ref: "#/components/schemas/ParsedUrl"
+        headers:
+          type: object
+          additionalProperties:
+            type: string
+          description: Filtered headers (IGNORED_HEADERS excluded, keys lowercased)
+        body:
+          type:
+            - string
+            - "null"
+          maxLength: 65536
+          description: Raw body string
+        body_json:
+          description: Parsed JSON body (if applicable)
+        connection_id:
+          type: string
+          maxLength: 255
+          description: Zapier connection ID used for this request
+        reason:
+          type: string
+          maxLength: 1024
+          description: Optional human-readable reason for the request
+      required:
+        - request_type
+        - method
+        - url
+        - headers
+        - body
+        - body_json
+    action_type:
+      type: string
+      enum:
+        - filter
+        - read
+        - read_bulk
+        - run
+        - search
+        - search_and_write
+        - search_or_write
+        - write
+      description: "Legacy: canonical Zapier action type. Prefer `resource`."
+      deprecated: true
+    ActionRunContext:
+      type: object
+      properties:
+        request_type:
+          type: string
+          enum:
+            - action_run
+          description: Context type discriminator
+        resource:
+          type: string
+          maxLength: 1024
+          description: Canonical action resource, e.g. action/Slack@1.0.0/write/send_message
+        selected_api:
+          type: string
+          maxLength: 255
+          deprecated: true
+          description: "Legacy: app identifier, e.g. Slack@1.0.0. Prefer `resource`."
+        action_type:
+          $ref: "#/components/schemas/action_type"
+        action_key:
+          type: string
+          maxLength: 255
+          deprecated: true
+          description: "Legacy: action key, e.g. send_message. Prefer `resource`."
+        connection_id:
+          type: string
+          maxLength: 255
+          description: Zapier connection ID used for this request
+        inputs:
+          description: Action input parameters
+        reason:
+          type: string
+          maxLength: 1024
+          description: Optional human-readable reason for the request
+      required:
+        - request_type
+      description: Action run context. The canonical shape carries the action identity in a single `resource` field of the form `action/{selected_api}/{action_type}/{action_key}`. The legacy `{selected_api, action_type, action_key}` shape is also accepted on input during the migration window — approvalsapi normalizes it to the canonical form before storage.
+    RequestContext:
+      anyOf:
+        - $ref: "#/components/schemas/HttpRequestContext"
+        - $ref: "#/components/schemas/ActionRunContext"
+      description: Union of request context shapes, keyed on `request_type`.
+      discriminator:
+        propertyName: request_type
+        mapping:
+          http_request: "#/components/schemas/HttpRequestContext"
+          action_run: "#/components/schemas/ActionRunContext"
+    CreateApprovalBody:
+      type: object
+      properties:
+        context:
+          $ref: "#/components/schemas/RequestContext"
+      required:
+        - context
     CreateClientCredentialsResponse:
       type: object
       properties:
@@ -251,28 +411,6 @@ components:
         - name
         - allowed_scopes
       description: Request body for creating client credentials
-    ApprovalResponse:
-      type: object
-      properties:
-        status:
-          type: string
-          enum:
-            - pending_approval
-            - approved
-            - denied
-          description: The current status of the approval request
-        approval_id:
-          type: string
-          description: Unique identifier for the approval request
-        approval_url:
-          type: string
-          description: URL for the user to visit and approve/deny the request
-        poll_url:
-          type: string
-          description: URL for the SDK to poll for status changes
-      required:
-        - status
-        - approval_id
     AuthenticationItem:
       type: object
       properties:
@@ -1268,6 +1406,49 @@ paths:
             application/json: &a7
               schema:
                 $ref: "#/components/schemas/ErrorsResponse"
+  /api/v0/approvals:
+    post:
+      summary: Create an approval request
+      description: Creates an approval request for the authenticated user. The SDK calls this when it decides to proceed with an approval flow after receiving an approval-required error.
+      tags:
+        - Approvals
+      operationId: v0_create_approval
+      security:
+        - userJwt: []
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/CreateApprovalBody"
+      responses:
+        "202":
+          description: Approval request created
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ApprovalResponse"
+        "400":
+          description: Bad Request
+          content:
+            application/json: *a1
+        "401":
+          description: Unauthorized
+          content:
+            application/json: *a2
+        "429":
+          description: Too Many Requests
+          headers: *a3
+          content:
+            application/json: *a4
+        "500":
+          description: Server Error
+          content:
+            application/json: *a5
+        "503":
+          description: Service Unavailable
+          headers: *a6
+          content:
+            application/json: *a7
   /api/v0/client-credentials:
     post:
       summary: Create client credentials

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zapier/zapier-sdk-core",
-  "version": "0.11.0",
+  "version": "0.13.0",
   "description": "Core schemas and TypeScript types for the Zapier SDK API",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Zapier, Inc.",
@@ -88,6 +88,7 @@
     "LICENSE"
   ],
   "dependencies": {
+    "@zapier/policy-context": "1.1.0",
     "zod": "4.3.6"
   },
   "devDependencies": {