Skip to content
Cobalz Affiliate

Zapier integration

You can wire any Cobalz event into Zapier today using Webhooks by Zapier (which is included in every Zapier plan). Our outbound webhooks follow the Standard Webhooks v1 spec, which Zapier accepts natively as a Catch Hook trigger.

Note:A native, branded Cobalz Affiliate app on the Zapier marketplace is in review with their team. The contract below works today and will keep working when the branded app ships — the branded app just hides the auth + signature steps behind a friendlier setup flow.

Create a Zapier trigger from a Cobalz event

  • In Zapier: create a Zap, pick Webhooks by Zapier → Catch Hook as the trigger.
  • Copy the unique https://hooks.zapier.com/... URL Zapier gives you.
  • In Cobalz: Settings → Webhooks → New endpoint. Paste the URL, pick the events you want as triggers.
  • Send a test event from the endpoint detail page. Zapier picks it up; you can now map fields into your Zap.

Signature verification

Zapier doesn't verify HMAC signatures by default — anyone who guesses your Zapier catch-hook URL could send a payload that triggers your Zap. Two ways to lock this down:

  • Filter step: after the Catch Hook, add a Filter by Zapier step that checks webhook-id exists and the type matches an expected event name. Cheap but not cryptographic.
  • Code step: add a Code by Zapier (Python or JavaScript) step that recomputes the HMAC over webhook-id . webhook-timestamp . body using your secret and compares constant-time against webhook-signature.
# Code by Zapier — Python — paste your signing secret in input data
import hmac, hashlib, base64, json

secret = input_data['secret']
sig_header = input_data['signature']
signed = f"{input_data['id']}.{input_data['ts']}.{input_data['body']}"
expected = base64.b64encode(
    hmac.new(secret.encode(), signed.encode(), hashlib.sha256).digest()
).decode()
ok = any(
    hmac.compare_digest(s.split(',', 1)[1], expected)
    for s in sig_header.split(',') if s.startswith('v1,')
)
return {'verified': ok}

Use Cobalz as a Zapier action

For things like "when a customer pays in Stripe, create a Cobalz affiliate": use Webhooks by Zapier's Custom Request action against our REST API.

POST https://affiliate.cobalz.com/api/v1/affiliates
Authorization: Bearer cob_xxx
Content-Type: application/json

{ "email": "<from previous step>", "slug": "<derived>", "display_name": "<from previous step>" }

Common Zap recipes

  • New affiliate → Slack DM: Catch affiliate.approved → Slack Send Direct Message with their email + slug.
  • Payout paid → spreadsheet: Catch payout.paid → Google Sheets Create Spreadsheet Row for your accountant.
  • Fraud flagged → Discord: Catch fraud.flagged → Discord Send Channel Message.
  • Stripe payment → new affiliate: Stripe New Charge → Cobalz POST /api/v1/affiliates.