Log streams send real-time webhook notifications to your endpoint when Zaps finish running. You can use log streams to track Zap run success and failure rates, build monitoring dashboards, and set up automated alerting for Zap errors.
Available on plans:
Free
Professional
Team
Enterprise
AlphaThis feature is in alpha release and is only available to invited participants. This feature is in active development and may change.
Prerequisites
- Enterprise plan.
- Super admin, or owner role.
- An HTTPS endpoint that can receive POST requests.
Limitations
- Log streams are currently available for Zap events only. Forms, Chatbots, Agents, and Tables events are not yet supported.
- Log streams deliver events in real time, starting from when the log stream is created. Historical data is not available.
- During the alpha phase, access is limited to approved alpha partners.
Available event types
Log streams support four event types based on the final status of a Zap run:
| Event | Description |
|---|---|
zap.success |
The Zap run completed with no errors. |
zap.error |
The Zap run failed due to an error. |
zap.halted |
The Zap was automatically halted after repeated errors. |
zap.stopped |
A user manually stopped the Zap. |
NoteLog streams are event-based, not historical. You'll receive notifications for Zap runs that occur after you create the log stream. You will not receive data from before the log stream was created.
Create a log stream
- Go to the Admin Center by clicking the Admin Center icon in the left sidebar.
- In the admin settings sidebar, select Log streams under the Insights section.
- Click Create log stream.
- In the Name field, enter a descriptive name for your log stream (for example, "Production Error Alerts").
- In the Destination URL field, enter the HTTPS endpoint URL where you want to receive webhook notifications.
- (Optional) In the Secret field, click Generate to create a secure random secret, or enter your own secret (minimum 16 characters). Use this secret to verify webhook signatures.
- In the Events section, select the event types you want to receive notifications for.
- Click Save.
Your log stream is now active and will start sending webhook notifications when Zaps finish running.
Manage log streams
After you create a log stream, it appears in the log streams list. The list displays each log stream's state, event count, and creation date.
You can take the following actions on a log stream:
- Edit: Update the name, destination URL, secret, or event selections.
- Pause: Temporarily stop webhook delivery without deleting the log stream.
- Delete: Permanently remove the log stream.
Event payload
When a Zap finishes running, Zapier sends a JSON payload to your log stream's destination URL. All event types use the same structure:
{
"version": "1.0.0",
"asset_type": "zap",
"asset_id": "123456",
"run_id": "abc-def-ghi-789",
"status": "success",
"started_at": "2025-01-15T10:30:00Z",
"finished_at": "2025-01-15T10:30:45Z",
"error_message": null
}Payload fields
| Field | Type | Description |
|---|---|---|
version |
string | Schema version (current: 1.0.0). |
asset_type |
string | Type of asset. Currently always zap. |
asset_id |
string | Unique identifier for the Zap. |
run_id |
string | Unique identifier for the specific Zap run. |
status |
string | Terminal status: success, error, halted, or stopped. |
started_at |
string | ISO 8601 timestamp when the Zap run started. |
finished_at |
string | ISO 8601 timestamp when the Zap run finished. |
error_message |
string or null | Error details when the Zap run fails. null for successful runs. |
NoteDuring the alpha phase, the payload schema may change. Versioning will be used, but payloads are not guaranteed to remain stable.
Verify webhook signatures
When you create a log stream with a secret, Zapier signs each webhook request with an HMAC-SHA256 signature. Verify these signatures to confirm that incoming requests are from Zapier.
Each webhook request includes two headers:
| Header | Description |
|---|---|
X-Zapier-Signature |
HMAC-SHA256 signature, hex-encoded. |
X-Zapier-Timestamp |
Unix timestamp (in seconds) when the signature was generated. |
To verify the signature:
- Extract the signature and timestamp from the request headers.
- Construct the signed message by combining the timestamp and JSON body:
{timestamp}.{json_body}. - Compute the HMAC-SHA256 hash using your secret.
- Compare your computed signature with the
X-Zapier-Signatureheader value using a constant-time comparison function.
import hmac
import hashlib
def verify_webhook_signature(request_body, signature, timestamp, secret):
message = f"{timestamp}.{request_body}"
computed_signature = hmac.new(
key=secret.encode("utf-8"),
msg=message.encode("utf-8"),
digestmod=hashlib.sha256
).hexdigest()
return hmac.compare_digest(computed_signature, signature)const crypto = require('crypto');
function verifyWebhookSignature(body, signature, timestamp, secret) {
const message = `${timestamp}.${body}`;
const computedSignature = crypto
.createHmac('sha256', secret)
.update(message)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(computedSignature)
);
}import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt"
)
func verifyWebhookSignature(body string, signature string, timestamp string, secret string) bool {
message := fmt.Sprintf("%s.%s", timestamp, body)
h := hmac.New(sha256.New, []byte(secret))
h.Write([]byte(message))
computedSignature := hex.EncodeToString(h.Sum(nil))
return hmac.Equal([]byte(signature), []byte(computedSignature))
} NoteAlways use constant-time comparison functions (hmac.compare_digest() in Python, crypto.timingSafeEqual() in Node.js, hmac.Equal() in Go) to prevent timing attacks. Do not use standard string comparison operators.
Signature verification tips
- Use the raw request body. Do not parse and re-serialize the JSON. Formatting differences will cause verification to fail.
- UTF-8 encode all strings when computing the signature.
- Store your secret securely. Do not commit it to version control or expose it in client-side code.
Common use cases
- Error alerting: Get notified when Zap runs fail. Track error patterns and identify which Zaps need attention.
- Success rate metrics: Build dashboards showing Zap reliability over time. Calculate success rates and measure automation health.
-
Performance monitoring: Measure Zap run duration by comparing
started_atandfinished_attimestamps. Identify slow-running automations. - Automated recovery: Trigger workflows when Zap issues occur. For example, create support tickets when Zaps are halted, or start investigation workflows for persistent errors.
Troubleshooting
Webhook signature verification fails
- Verify you're using the raw request body string, not a parsed and re-serialized JSON object.
- Confirm all strings are UTF-8 encoded when computing the signature.
- Check that the timestamp value matches exactly what's in the
X-Zapier-Timestampheader. - Confirm you're using the same secret that was set when you created the log stream.
Webhook not received
- Verify your log stream is in an
activestate, notpaused. - Confirm you're subscribed to the event type you expect (for example,
zap.error). - Verify your destination URL is correct and accessible from the internet.
- Confirm your destination URL uses HTTPS.