Zapier MCP Server

v2026.6

Zapier

MCPautomationsaas-integrationsworkflowhosted
78
Strong
About This MCP

Zapier's hosted, proprietary MCP server that gives AI agents access to user-selected actions from 9,000+ connected apps (Gmail, Slack, Salesforce, and more, spanning tens of thousands of actions). Each user generates a personal remote server endpoint at mcp.zapier.com with per-app and per-action permissioning.

Last Evaluated: June 10, 2026
Official Website

Trust Vector Analysis

Dimension Breakdown

🚀Performance & Reliability
+
api reliability

Platform stability and maturity analysis

Evidence
Zapier MCP DocumentationRuns on Zapier's mature integration platform that has powered production automation for over a decade
highVerified: 2026-06-10
action execution success

Action execution success testing across common apps

Evidence
Zapier MCP DocumentationActions reuse Zapier's battle-tested app integrations; failures are usually due to downstream app auth or API issues
mediumVerified: 2026-06-10
app integration breadth

Integration catalog assessment

Evidence
Zapier MCP9,000+ apps and roughly 30,000-40,000 actions available, the broadest integration catalog of any MCP server
highVerified: 2026-06-10
rate limit handling

Rate and usage limit behavior review

Evidence
Zapier MCP DocumentationPlan-based usage limits on MCP tool calls; downstream app rate limits surface as action errors
mediumVerified: 2026-06-10
error recovery

Failure mode and recovery testing

Evidence
Zapier MCP DocumentationErrors from downstream apps are returned to the agent; reauthorization of expired app connections requires manual user action
mediumVerified: 2026-06-10
🛡️Security
+
authentication security

Authentication mechanism review

Evidence
Zapier MCP DocumentationA user-specific server is generated at mcp.zapier.com; access is tied to that personal endpoint rather than a separately rotated credential in legacy URL-auth mode
highVerified: 2026-06-10
url credential exposure

Credential exposure threat modeling of the endpoint URL

Evidence
Zapier MCP DocumentationThe per-user endpoint URL acts as a bearer credential: anyone who obtains it can invoke the user's enabled actions, so it must be treated as a secret and rotated if leaked
highVerified: 2026-06-10
blast radius control

Blast radius assessment across connected app categories

Evidence
Zapier MCPBy design the server can reach email, CRM, chat, and finance apps simultaneously; a compromised or prompt-injected agent has an extremely broad blast radius across connected accounts
highVerified: 2026-06-10
permission granularity

Per-app and per-action permission model review

Evidence
Zapier MCP DocumentationUsers explicitly select which apps and which individual actions are exposed to the agent, enabling least-privilege configuration
highVerified: 2026-06-10
credential handling

Credential storage and isolation review

Evidence
Zapier SecurityDownstream app OAuth credentials are stored by Zapier under SOC 2 Type II audited controls and never exposed to the agent
highVerified: 2026-06-10
🔒Privacy & Compliance
+
data exposure

Data flow analysis of action inputs and outputs

Evidence
Zapier MCP DocumentationEmails, CRM records, and messages retrieved by actions flow through Zapier's cloud and into the LLM provider context
highVerified: 2026-06-10
sensitive data protection

Data protection controls assessment

Evidence
Zapier SecurityEncryption in transit and at rest on the platform, but no content-level PII redaction before data reaches the model
mediumVerified: 2026-06-10
third party data sharing

Multi-party data sharing review

Evidence
Zapier Privacy PolicyAction data is processed by Zapier, the downstream app, and the LLM provider, each under separate privacy policies
mediumVerified: 2026-06-10
compliance certifications

Compliance certification review

Evidence
Zapier Security and ComplianceSOC 2 Type II audited, with published GDPR and CCPA compliance commitments
highVerified: 2026-06-10
👁️Trust & Transparency
+
documentation quality

Documentation completeness review

Evidence
Zapier MCP DocumentationClear setup guides per MCP client, action configuration docs, and security guidance
highVerified: 2026-06-10
operation visibility

Logging and traceability assessment

Evidence
Zapier MCP DashboardPer-user dashboard shows configured actions and a history of agent tool invocations
highVerified: 2026-06-10
open source transparency

Source availability review

Evidence
Zapier MCPFully proprietary, hosted-only service; server implementation cannot be inspected or self-hosted
highVerified: 2026-06-10
tool coverage clarity

Tool surface documentation review

Evidence
Zapier MCP DocumentationExposed tool set is exactly the actions the user enabled, each with documented parameters drawn from Zapier's integration schemas
mediumVerified: 2026-06-10
⚙️Operational Excellence
+
ease of setup

Setup complexity assessment

Evidence
Zapier MCP DocumentationNo installation: generate a personal endpoint at mcp.zapier.com, pick apps and actions in the web UI, and paste the URL into the MCP client
highVerified: 2026-06-10
api performance

Action latency characterization

Evidence
Zapier MCP DocumentationAction latency adds Zapier orchestration overhead on top of downstream app API calls, typically a few seconds per action
mediumVerified: 2026-06-10
reliability

Uptime and incident history analysis

Evidence
Zapier Status PagePublic status page with historically high availability across the Zapier platform
highVerified: 2026-06-10
feature coverage

Capability breadth assessment

Evidence
Zapier MCPTens of thousands of actions across 9,000+ apps including Gmail, Slack, Salesforce, HubSpot, and Google Workspace
highVerified: 2026-06-10
community adoption

Adoption and ecosystem support analysis

Evidence
Zapier MCPHeavily promoted integration path supported by major MCP clients and Zapier's large existing automation user base
mediumVerified: 2026-06-10
Strengths
  • +Broadest action catalog of any MCP server: 9,000+ apps and tens of thousands of actions
  • +Per-app and per-action permissioning enables least-privilege agent configuration
  • +Zero-install hosted setup with a personal endpoint generated at mcp.zapier.com
  • +Downstream app credentials held by Zapier under SOC 2 Type II audited controls, never exposed to the agent
  • +Action invocation history visible in the per-user MCP dashboard
  • +Built on a decade-mature integration platform with high availability
Limitations
  • !Extremely broad blast radius by design: a prompt-injected agent can act across email, CRM, chat, and finance apps
  • !The per-user endpoint URL acts as a bearer credential and must be treated as a secret
  • !Fully proprietary and hosted-only; no source inspection or self-hosting
  • !Business data from connected apps flows through Zapier's cloud and the LLM provider
  • !Subject to plan-based usage limits and pricing
  • !Expired downstream app connections require manual reauthorization
Metadata
license: Proprietary
supported platforms
0: Hosted remote server (any MCP client with remote support)
api dependency: Zapier platform and 9,000+ downstream app APIs
authentication: User-specific endpoint at mcp.zapier.com (URL acts as bearer credential)
compliance: SOC 2 Type II
maintained by: Zapier
documentation: https://docs.zapier.com/mcp/home
transport types
0: remote (hosted)
installation methods
0: hosted endpoint

Use Case Ratings

customer support

Excellent for agents that triage tickets, draft replies, and update CRM records across support stacks

data analysis

Good for pulling records from business apps into analysis, though not an analytics tool itself

content creation

Strong for publishing and distribution workflows across CMS, email, and social apps

code generation

Not a development tool; mainly useful for wiring deployment or notification side effects

research assistant

Useful for gathering data from connected SaaS tools rather than the open web

financial analysis

Can reach accounting and CRM data, but broad access to financial apps demands strict action scoping

legal compliance

SOC 2 helps, but routing privileged documents through Zapier and an LLM needs careful review

healthcare

Not suitable for PHI workflows; no HIPAA business associate posture for MCP agent traffic

Similar MCPs

Apify MCP Server

Apify

MCP Fetch Server

Anthropic