Authentication
Overview
This guide is designed to help developers integrate their applications with SocialPilot using OAuth 2.0. OAuth 2.0 facilitates application authentication on behalf of users, allowing secure access to SocialPilot's services. We'll walk you through the steps to obtain access tokens necessary for making API calls to SocialPilot.
Prerequisites
Before you begin, ensure you have:
- A SocialPilot Developer Account
- A registered application with SocialPilot, providing you with a client_id
- A configured redirect URI for your application, to which users will be directed after authorization
OAuth 2.0 Flow
1. User Authorization
Initiate the OAuth flow by directing the user to SocialPilot's authentication screen. Construct and navigate the user to a URL as shown below:
https://sendbox-api.socialpilot.co/login?
response_type=code
&client_id={{client_id}}
&redirect_uri={{redirect_uri}}
&scope=email+openid
- client_id: Replace with your application's client ID.
- redirect_uri: Substitute with the URI where users should be sent post-authentication.
Users will log in using their SocialPilot credentials and grant your application access.
2. Obtaining Authorization Code
Following successful authentication, SocialPilot redirects users to your redirect_uri, appending an authorization code to the URL. Extract this code for the token exchange process.
The URL will look like this:
redirect_url/?code={{auth_code}}
3. Exchanging Authorization Code for Tokens
With the authorization code in hand, request an access token and a refresh token via the following API call:
curl --location 'https://sendbox-api.socialpilot.co/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id={{client_id}}' \
--data-urlencode 'code={{auth_code}}' \
--data-urlencode 'redirect_uri={{redirect_url}}'
Ensure {{client_id}}, {{auth_code}}, and {{redirect_url}} are correctly replaced with your details.
The authorization code is a one-time-use code exchanged for an access token and refresh token.
Access tokens are valid for 24 hours, while refresh tokens last for 60 days from issuance. Post expiration, users must re-authenticate.
4. Using the Access Token
The response includes an access_token, refresh_token, and id_token. Utilize the access_token for authorized API requests to SocialPilot, incorporating it in the Authorization header as a Bearer token.
{
"id_token": "{{id_token}}",
"access_token": "{{access_token}}",
"refresh_token": "{{refresh_token}}",
"expires_in": 86400,
"token_type": "Bearer"
}
5. Refreshing the Access Token
To refresh an expired access token, use the refresh token as follows:
curl --location 'https://sendbox-api.socialpilot.co/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'refresh_token={{refresh_token}}' \
--data-urlencode 'client_id={{client_id}}'
Replace {{refresh_token}} and {{client_id}} with your respective refresh token and client ID.
Response
{
"id_token": "{{id_token}}",
"access_token": "{{access_token}}",
"expires_in": 86400,
"token_type": "Bearer"
}
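The refresh response above carries no refresh_token, so a client has to keep the original one and track its 60-day deadline from the first issuance. The sketch below is an added example, not SocialPilot's code: the TokenState class, the 60-second safety margin, and the token values in any sample call are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

REFRESH_LIFETIME = 60 * 24 * 3600  # page: refresh tokens last 60 days from issuance
SKEW = 60  # assumption: treat the access token as expired 60 s early

@dataclass
class TokenState:  # hypothetical helper, not part of any SocialPilot SDK
    access_token: str
    refresh_token: str
    access_expires_at: float
    refresh_expires_at: float

    @classmethod
    def from_code_exchange(cls, resp: dict, now: float) -> "TokenState":
        """Build state from the code-exchange response (includes refresh_token)."""
        _check(resp)
        return cls(resp["access_token"], resp["refresh_token"],
                   now + resp["expires_in"], now + REFRESH_LIFETIME)

    def apply_refresh(self, resp: dict, now: float) -> None:
        """Apply the step 5 response, which carries no refresh_token."""
        _check(resp)
        self.access_token = resp["access_token"]
        self.access_expires_at = now + resp["expires_in"]
        # refresh_token and its deadline are deliberately left untouched:
        # the 60-day window is counted from the original issuance.

    def next_action(self, now: float) -> str:
        if now < self.access_expires_at - SKEW:
            return "use_access_token"
        if now < self.refresh_expires_at:
            return "refresh"
        return "reauthenticate"

    def auth_header(self) -> dict:
        return {"Authorization": f"Bearer {self.access_token}"}

    def refresh_form(self, client_id: str) -> str:
        """Form body for POST /oauth2/token, as in the curl call in step 5."""
        return urlencode({"grant_type": "refresh_token",
                          "refresh_token": self.refresh_token,
                          "client_id": client_id})

def _check(resp: dict) -> None:
    if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
        raise ValueError("unexpected token response")
```

Persist the four fields somewhere access-controlled and call next_action before each API request; "reauthenticate" means sending the user back through step 1.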
Troubleshooting
- Verify your request's redirect URI matches the one in your SocialPilot application settings.
- Refer to the OAuth 2.0 specifications for error code clarifications and resolutions.
Contact SocialPilot's developer support for further assistance.