Zapier Integration
Connect ComplianceLayer to 5,000+ apps using Zapier. Automate security workflows, send scan results to your favorite tools, and trigger scans from external events — all without writing a single line of code.
Overview
The ComplianceLayer Zapier integration lets you build automated workflows (called "Zaps") that connect your security scanning to the rest of your tech stack. Available on Pro plans and above.
- No OAuth required — authenticate with your existing API key
- 3 triggers — react to scan completions, score changes, and alerts
- 2 actions — run scans and fetch reports programmatically
- 2 searches — look up scans and domain scores
- 5,000+ app connections — Slack, Google Sheets, Jira, PagerDuty, and more
Getting Started
Follow these steps to connect ComplianceLayer to Zapier and build your first automated workflow:
Step 1: Sign Up for Zapier
If you don't already have a Zapier account, create one at zapier.com. The free tier supports up to 5 single-step Zaps.
Step 2: Find ComplianceLayer in Zapier
In the Zapier dashboard, click Create Zap, then search for "ComplianceLayer" in the app directory. Select it as your trigger or action app.
Step 3: Connect Your API Key
When prompted to authenticate, enter your ComplianceLayer API key. You can find or generate your key in your dashboard:
- Log in to compliancelayer.net
- Navigate to Settings → API Keys
- Click Generate New Key or copy your existing key
- Paste the key (starting with
cl_) into Zapier's connection dialog
Step 4: Build Your First Zap
Choose a trigger event (e.g., "Scan Completed"), configure your action app (e.g., Slack), map the data fields, and turn on your Zap. Zapier will now automatically run your workflow whenever the trigger fires.
Available Triggers
Triggers fire automatically when events occur in ComplianceLayer. Use them to start Zaps that react to security changes in real time.
Scan CompletedFires whenever a domain scan finishes successfully. Includes the domain, score, grade, issue counts, and scan metadata. This is the most commonly used trigger.
{
"scan_id": 12345,
"job_id": 67890,
"domain": "example.com",
"score": 85,
"grade": "B",
"risk_level": "low_medium",
"issues_count": 8,
"critical_issues": 0,
"high_issues": 2,
"medium_issues": 3,
"low_issues": 3,
"scanned_at": "2026-03-15T14:30:00Z",
"scan_duration_ms": 2847,
"report_url": "https://compliancelayer.net/report/cl_rpt_abc123"
}Score ChangedFires when a monitored domain's security score changes between consecutive scans. Includes both the old and new scores, the delta, and the direction of change. Useful for tracking security drift.
{
"domain": "example.com",
"old_score": 92,
"new_score": 78,
"old_grade": "A",
"new_grade": "C+",
"delta": -14,
"direction": "decreased",
"changed_at": "2026-03-15T14:30:00Z",
"scan_id": 12346
}Alert TriggeredFires when a security alert condition is met for a monitored domain. Alert types include score drops, critical vulnerabilities, certificate expiration warnings, and configuration changes.
{
"alert_id": 456,
"alert_type": "score_drop",
"severity": "high",
"domain": "example.com",
"title": "Security Score Dropped",
"message": "Score decreased from 92 to 78 (-14 points)",
"old_value": "92",
"new_value": "78",
"score": 78,
"grade": "C+",
"created_at": "2026-03-15T14:30:00Z"
}Available Actions
Actions let you control ComplianceLayer from other apps. Trigger a scan from a Google Sheet row or fetch a report after a form submission.
Run ScanSubmit a domain for a full security scan. Provide the domain name and ComplianceLayer will queue and execute the scan. Returns the job ID and domain for downstream steps. The scan runs asynchronously; use the "Scan Completed" trigger or "Get Report" action to retrieve results.
| Input Field | Type | Required | Description |
|---|---|---|---|
domain | String | Yes | The domain to scan (e.g., example.com) |
Get ReportFetch a completed scan report by job ID. Returns the full report including score, grade, module results, and all findings. Use this after a "Run Scan" action to retrieve the results once the scan completes.
| Input Field | Type | Required | Description |
|---|---|---|---|
job_id | Number | Yes | The job ID returned by Run Scan or a trigger |
Available Searches
Searches let you look up existing data in ComplianceLayer. Use them to find records or enrich data in multi-step Zaps.
Find ScanFind the most recent scan for a given domain. Returns the latest scan result including score, grade, and issue summary. Useful for looking up current security posture in multi-step workflows.
| Input Field | Type | Required | Description |
|---|---|---|---|
domain | String | Yes | The domain to look up (e.g., example.com) |
Get Domain ScoreGet the current security score and grade for a domain. Returns a lightweight response with just the score, grade, risk level, and last scan timestamp. Ideal for conditional logic in Zaps (e.g., only send alert if score is below 70).
| Input Field | Type | Required | Description |
|---|---|---|---|
domain | String | Yes | The domain to look up (e.g., example.com) |
Popular Workflows
Here are six popular Zap templates to get you started. Each connects ComplianceLayer to a commonly used app.
1. Scan Completed → Slack Notification
Post a message to a Slack channel every time a security scan finishes. Include the domain, score, grade, and a link to the full report.
How it works: When ComplianceLayer finishes scanning a domain, Zapier posts a formatted message to your chosen Slack channel with the score, grade, and issue counts.
2. Score Drops Below 60 → Create Freshdesk Ticket
Automatically create a support ticket when a domain's security score falls into the danger zone, ensuring your team addresses the issue promptly.
How it works: The Score Changed trigger fires, a Zapier Filter step checks if the new score is below 60, and if so, creates a ticket in Freshdesk with the domain, score delta, and remediation priority.
3. New Google Sheet Row → Run Security Scan
Add a domain to a Google Sheet and ComplianceLayer will automatically scan it. Perfect for onboarding new client domains in bulk.
How it works: When a new row appears in your Google Sheet (containing a domain name in a specified column), Zapier sends that domain to ComplianceLayer for scanning via the Run Scan action.
4. Weekly Schedule → Scan Domains, Update Airtable
Run weekly scans on a list of domains and update an Airtable base with the latest scores. Great for MSPs managing multiple client environments.
How it works: A Zapier Schedule trigger fires every Monday at 9 AM. It loops through your domain list, runs a ComplianceLayer scan for each, and updates the corresponding Airtable row with the new score, grade, and scan date.
5. Alert Triggered → Send Email via Gmail
Get an email notification whenever a security alert fires. Useful for stakeholders who don't use Slack or your ticketing system.
How it works: When a ComplianceLayer alert triggers (e.g., score drop, certificate expiry), Zapier sends a formatted email via Gmail to your specified recipients with the alert details, severity, and affected domain.
6. Scan Completed → Add Row to Google Sheets
Log every scan result to a Google Sheet for historical tracking and reporting. Build dashboards and charts from the accumulated data.
How it works: Every time a scan completes, Zapier appends a new row to your Google Sheet with the domain, score, grade, issue counts, scan date, and report link. Great for building historical trend reports.
Authentication
The ComplianceLayer Zapier integration uses API Key authentication. No OAuth flow is required — you simply provide your API key when connecting your account.
How It Works
- When you add ComplianceLayer as an app in Zapier, you're prompted for your API key
- Zapier stores the key securely and includes it as a
Bearertoken in theAuthorizationheader for every request - ComplianceLayer validates the key and checks your plan permissions
- If the key is invalid or expired, the Zap will fail and Zapier will notify you
Finding Your API Key
- Log in to your ComplianceLayer dashboard
- Navigate to Settings → API Keys
- Copy your existing key or click Generate New Key
- The key starts with
cl_and is 40+ characters long
Key Permissions
Your API key has the same permissions as your ComplianceLayer account. The Zapier integration uses these API endpoints:
| Endpoint | Used By | Description |
|---|---|---|
POST /v1/scan | Run Scan action | Submit a domain for scanning |
GET /v1/scan/jobs/:id | Get Report action | Fetch scan results by job ID |
GET /v1/domains | Find Scan search | Look up domains and recent scans |
GET /v1/webhooks/deliveries | All triggers | Poll for new events |
Troubleshooting
Invalid API Key
If you see an "Authentication failed" error in Zapier:
- Verify your API key is correct — copy it directly from Settings → API Keys
- Ensure the key starts with
cl_ - Check that the key hasn't been revoked or rotated
- Try disconnecting and reconnecting the ComplianceLayer account in Zapier
- Confirm your account is on a Pro plan or above
Triggers Not Firing
If your triggers aren't receiving events:
- Check your Zap is turned on — disabled Zaps don't receive triggers
- Verify events are occurring — triggers only fire when the corresponding event happens (e.g., a scan must actually complete)
- Check Zapier's task history — look for errors in the Zap's run history
- Review polling interval — Zapier checks for new events every 1-15 minutes depending on your Zapier plan
- Confirm plan access — Free and Starter ComplianceLayer plans do not support triggers
Quota Exceeded Errors
If you see "Quota exceeded" or 429 errors:
- Your ComplianceLayer scan quota may be exhausted for the billing period
- Check your remaining quota in Settings → Usage
- Consider upgrading your plan for higher scan limits
- Reduce the frequency of scheduled scans in your Zaps
- API rate limits apply: 60 requests/minute for Pro, 120 for Enterprise
Missing or Incorrect Data
If data is missing from trigger payloads:
- Check that you're mapping the correct fields in your Zap steps
- Some fields may be null for certain scan types (e.g.,
report_urlmay not appear for failed scans) - Use Zapier's "Test Trigger" feature to see the full payload structure
- Verify the trigger event type matches what you expect
Action Failures
If a "Run Scan" or "Get Report" action fails:
- Invalid domain — ensure the domain field contains a valid domain (no protocol prefix, no trailing slash)
- Job not found — the job ID may have expired (jobs older than 30 days are archived)
- Scan still running — if using "Get Report" immediately after "Run Scan", add a Zapier Delay step (2-3 minutes) to allow the scan to complete
- Server errors — check the ComplianceLayer status page for any outages
Tips and Best Practices
Use Filters Wisely
Add Zapier Filter steps to avoid unnecessary noise. For example, only create tickets when the score is below a threshold, or only notify when critical issues are found.
Add Delay Steps
If your Zap uses "Run Scan" followed by "Get Report", add a 2-3 minute Delay step between them. Scans typically take 30-60 seconds, but adding buffer prevents race conditions.
Use Formatter Steps
Zapier's Formatter utility can help transform ComplianceLayer data for downstream apps. For example, convert the numeric score to a color-coded emoji, or format the scan date for your locale.
Monitor Zap Health
Review your Zap's task history regularly. Set up Zapier's built-in error notifications to get alerted when Zaps fail. This ensures you don't miss critical security events.
Next Steps
Connect ComplianceLayer directly to Slack for real-time security notifications without Zapier.
Set up direct HTTP webhook endpoints for real-time event delivery with signature verification.
Build custom integrations with the official Python SDK featuring sync and async clients.