Authentication

Socialpilot is an OAuth 2.0 provider. We recommend using any available OAuth 2.0 client to easily communicate with our API.

Socialpilot requires authentication for each request to our API endpoints. To get an access_token, you need to create an app under your own Socialpilot account. Once you create an app, we will create a client ID and client secret key, which you use to generate an access token.

A good OAuth library will handle most of these steps for you. You only need to supply a valid Client ID, Client Secret and Redirect URL (the one you entered during app creation).

Authentication is a two-step process.

  • Authorization
  • Access Token

1) Authorization

For authorization, redirect your user to our authorization endpoint. You need to provide your Client ID and Redirect URL as query string parameters.

GET https://panel.socialpilot.co/oauth/?
client_id=<Client ID>&
redirect_uri=<Redirect URL>&
response_type=code&
scope=read,write

The user will then be asked to log in and allow or deny the authorization request. At this point, the user will be redirected back to your redirect_uri with an authorization code or an error message as a query string parameter. This should look something like:

http://mydomain.com/getaccess?code=<80 character access code>

2) Access Token

Your app should send the authorization code back to our access token endpoint by POSTing it with your client_id, client_secret, redirect_uri and grant_type=authorization_code. Note that an authorization code is valid for a short period of time only, so the token exchange should be performed as soon as the code is received.

POST https://panel.socialpilot.co/oauth/accesstoken

POST Data
client_id=<Client ID>&
client_secret=<Client Secret>&
redirect_uri=<Redirect URL>&
code=<Authorization Code>&
grant_type=authorization_code

If your request is successful, we will return a long-lived access token which can be used to access your account details for all further API requests.
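
The two steps above as an added Python example (not Socialpilot's own code): it builds the authorization URL, extracts the code from the redirect, and prepares the token POST without sending it. The error parameter name, the form-encoded content type and all sample values are assumptions.

```python
# Added example (not Socialpilot's code): builds both requests, sends nothing.
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTHORIZE_URL = "https://panel.socialpilot.co/oauth/"
TOKEN_URL = "https://panel.socialpilot.co/oauth/accesstoken"


def authorization_url(client_id, redirect_uri, scope="read,write"):
    """Step 1: the URL the user's browser is redirected to."""
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # percent-encoded by urlencode
        "response_type": "code",
        "scope": scope,
    }, safe=",")  # keep the comma in scope, as the page writes it
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(callback_url):
    """Pull the authorization code out of the redirect back to redirect_uri."""
    params = parse_qs(urlsplit(callback_url).query)
    # Assumption: a denial arrives in a parameter named "error" (RFC 6749 name).
    if "error" in params:
        raise PermissionError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    # Reject a missing, empty or repeated code rather than guessing which to use.
    if len(codes) != 1:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]


def token_request(client_id, client_secret, redirect_uri, code):
    """Step 2: the POST for the token endpoint; the secret stays in the body."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code": code,
        "grant_type": "authorization_code",
    }).encode("ascii")
    # Assumption: the endpoint accepts a form-encoded body.
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})
```

Run the token exchange from your server only, so the client secret never reaches the browser, and pass the prepared request to your HTTP client as soon as the code arrives.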

Using the Token

You need to pass this access token with each API call to authorize the request. You need to provide the access token in the HTTP Authorization header, the request body or the query string.