Skip to main content
Unified OAuth routes manage account connections for your workspace. OAuth platforms return an auth_url to open in a browser; Bluesky uses handle + app password (no redirect).

Base URL & auth

https://backend.postsiva.com
curl -X POST "https://backend.postsiva.com/unified/oauth/url" \
  -H "X-API-Key: psk_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"platform":["linkedin","instagram"]}'
HeaderRequiredNotes
X-API-KeyYes (or Bearer)Workspace from key; scope may restrict platforms
X-Workspace-IdJWT onlyRequired with JWT
Content-TypePOST bodiesapplication/json

Supported platforms

PlatformConnect method
linkedinOAuth redirect
instagramOAuth redirect
facebookOAuth redirect
tiktokTikTok Business OAuth
youtubeGoogle/YouTube OAuth
pinterestOAuth redirect
threadsOAuth redirect
blueskyHandle + app password (no auth_url)
Platform callbacks remain on existing routes (e.g. /linkedin/oauth/callback) after the user authorizes.

API key scope

Workspace API keys can be scoped to specific platforms. A key with scope linkedin_only or linkedin,instagram cannot connect or disconnect platforms outside that list — requests return 403.
Scope exampleEffect
linkedin_onlyLinkedIn only
linkedin,instagramComma-separated allowlist
linkedin_postsRead-only posts — no OAuth
full / emptyAll platforms the workspace supports
See Authentication for creating scoped keys.

POST /unified/oauth/url

Start OAuth or complete Bluesky connect.

Request body

FieldTypeRequiredDescription
platformstring[]YesOne or more platform names (comma-separated strings in one array entry are split server-side)
handlestringBlueskyBluesky handle, e.g. you.bsky.social
app_passwordstringBlueskyBluesky app password (not account password)

OAuth platforms response

{
  "results": {
    "linkedin": {
      "success": true,
      "message": "OAuth URL generated",
      "auth_url": "https://www.linkedin.com/oauth/v2/authorization?..."
    },
    "instagram": {
      "success": true,
      "message": "OAuth URL generated",
      "auth_url": "https://api.instagram.com/oauth/authorize?..."
    }
  }
}
Open each auth_url in a browser. After callback, verify with GET /unified/oauth/token.

Bluesky connect

No redirect URL — send credentials in the same POST:
curl -X POST "https://backend.postsiva.com/unified/oauth/url" \
  -H "X-API-Key: psk_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "platform": ["bluesky"],
    "handle": "you.bsky.social",
    "app_password": "xxxx-xxxx-xxxx-xxxx"
  }'
{
  "results": {
    "bluesky": {
      "success": true,
      "message": "Bluesky account connected",
      "auth_url": null
    }
  }
}
Create a Bluesky app password in Settings → App passwords. Never use your main account password in API calls.

GET /unified/oauth/token

Check connection status per platform. Token values are never returned — only success: true/false.

Query parameters

ParameterTypeDefaultDescription
platformstring[]all token platformsOne or more platforms to check. Omit for full workspace scan (respects API key scope)
curl "https://backend.postsiva.com/unified/oauth/token?platform=linkedin&platform=facebook" \
  -H "X-API-Key: psk_live_YOUR_KEY"

Response

{
  "results": {
    "linkedin": { "success": true },
    "facebook": { "success": true },
    "instagram": { "success": false, "message": "Not connected" },
    "tiktok": { "success": true },
    "youtube": { "success": false, "message": "Not connected" },
    "pinterest": { "success": false, "message": "Not connected" },
    "threads": { "success": true },
    "bluesky": { "success": false, "message": "Not connected" }
  }
}
When platform is omitted, all token-supported platforms are checked in batch (filtered by key scope).

DELETE /unified/oauth/token

Disconnect one or more platforms. platform query param is required (repeat for multiple).
ParameterRequiredDescription
platformYese.g. ?platform=linkedin&platform=instagram
curl -X DELETE "https://backend.postsiva.com/unified/oauth/token?platform=linkedin" \
  -H "X-API-Key: psk_live_YOUR_KEY"
{
  "results": {
    "linkedin": {
      "success": true,
      "message": "Token deleted",
      "data": null
    }
  }
}
Successful disconnect sends an account-disconnected notification email to workspace owners when configured.

MCP equivalents

MCP toolREST
manage_platform_connection (connect)POST /unified/oauth/url
manage_platform_connection (disconnect)DELETE /unified/oauth/token
get_accountsGET /unified/oauth/token + profile endpoints
Connect at https://mcp.postsiva.com/mcpMCP tools.
  • Posting — requires connected accounts
  • Posts — lists content from connected networks
  • Authentication — API key scopes and Pro plan for keys/MCP