Partner API

How to add social publishing to a SaaS without storing every network OAuth token

8 min read

Quick answer

To add social publishing without implementing every provider OAuth flow, link each customer to MultiPost with a personal API token, send them to MultiPost for one-time network connection, fetch their accounts server-side and publish through the Partner API. Store one token per tenant as a secret and check plan and quota before every send.

01.

How can a SaaS add social publishing without storing every network OAuth token?

A SaaS can let each customer link a MultiPost account, keep one personal MultiPost API token server-side and call the Partner API for account lists and publishing. The customer completes network OAuth on multi-post.pro, while your product avoids implementing and refreshing seven different provider-token flows.

This is a per-user integration, not a shared application key. Each token identifies one MultiPost user, is displayed once when created and can be revoked by that user; your backend must treat it like a password.

02.

What is the fast way to connect a customer with MultiPost?

The fast way is to send the customer to MultiPost account connections for the one-time OAuth step, then ask them to generate an API token under Settings and integrations. Your server uses that token with GET /api/v1/meand GET /api/v1/accounts before offering publish targets.

API publishing requires Pro or Agency and still consumes the linked user's monthly quota. Direct the customer to MultiPost billing when canPublish is false or the remaining quota is exhausted.

03.

How should the integration preserve the tenant boundary?

The integration should store one encrypted secret reference per customer, never put the token in browser code and never reuse one customer's token for another tenant. Resolve accounts on the server and persist the stable platform plus handle selected by that user.

The secure-scheduler guide explains the user-facing side of managing accounts without shared network passwords. Your own product still needs normal secret-management, access control and deletion procedures.

04.

What does the minimum publish contract need to contain?

It needs a supported type, a caption, at least one target and the matching media field when the post is not text. Targets can include a platform, optional handle and optional caption override; the handle is important when one user connected several accounts on the same network.

Check plan and quota first, fetch current accounts second and publish third. The guide to adapting one text update across four networks shows why per-target caption overrides are useful.

05.

How does MultiPost simplify the operating model after connection?

MultiPost simplifies it by owning provider OAuth, token refresh, network-specific publishing and server-side plan enforcement behind one JSON API. Your SaaS still owns consent language, secure token storage, target selection, content accuracy and the product experience around each request.

Frequently asked questions

Does my SaaS need to store provider OAuth tokens?

No. MultiPost manages provider tokens; your backend stores the customer’s personal MultiPost API token securely.

Can account connection happen headlessly?

No. The user completes the one-time provider consent in a browser on multi-post.pro; later publishing can be headless.

Which plans can publish through the API?

Partner API publishing requires the linked MultiPost account to be on Pro or Agency.

How do I target one of several accounts on the same network?

Fetch current accounts and include the selected platform and handle in the publish target.

Start free

Give your SaaS one social publishing contract.

MultiPost owns provider connection and publishing details while your product controls the customer workflow.

Back to the blog