Platform Credentials
Upload your own OAuth App client_id + client_secret for a platform. Once stored, every Connect session on the workspace for that platform runs against your App — the end user’s consent screen shows your brand, not UniPost’s.
When to use this endpoint
Call this once per platform during white-label onboarding. Connect sessions now default to requiring workspace-owned credentials for OAuth platforms, so this is the normal setup path for customer-facing onboarding. If you intentionally want to use UniPost’s shared Quickstart OAuth app for a specific session, create that session with allow_quickstart_creds=true. See the white-label guide for the full integration walkthrough.
Paid plan required
Basic and up can upload platform credentials. Basic supports 1 platform slot; Growth and Team support all supported platforms. Free and API workspaces can still use UniPost's shared Quickstart OAuth apps only when a session is created with allow_quickstart_creds=true.
Upload credentials
SDK support for platform credential management is coming soon. For now, upload credentials from the dashboard or call the REST endpoint directly.
| Field | Required | Notes |
|---|---|---|
| platform | ✓ | One of facebook, instagram, linkedin, pinterest, tiktok, youtube, or twitter. The dashboard groups Instagram and Threads under the Meta credential card; Facebook Page has its own row so Connect sessions can require Facebook-specific white-label credentials. See available platform names. |
| client_id | ✓ | Client / App ID from the platform developer portal |
| client_secret | ✓ | Stored encrypted at rest (AES-256-GCM). Never returned in any read endpoint. |
A successful upload replaces any previous credentials for the same platform in this workspace — uploading a second set for the same platform overwrites the first. On Basic, creating a second platform row is rejected until you upgrade.
List configured platforms
Returns one row per platform that has credentials stored. client_secret is never included — there is no read endpoint that exposes it.
| Response field | Notes |
|---|---|
| platform | Which platform these credentials are for |
| client_id | The public App ID, safe to return |
| created_at | ISO timestamp of when the credentials were uploaded |
| meta.total | Total configured platform credential rows returned by the list endpoint |
| meta.limit | Applied list limit when the endpoint starts supporting partial reads |
| request_id | Request identifier for debugging and support |
Remove credentials
Deletes the stored credentials for one platform. After a successful delete, future Connect sessions for that platform will fail validation unless they are explicitly created with allow_quickstart_creds=true. Existing already-connected accounts continue to publish using their stored tokens — deletion only affects future OAuth flows.
Returns 204 No Content on success; safe to call when no credentials exist for that platform.
Errors
| Status | Code | When |
|---|---|---|
| 401 | UNAUTHORIZED / unauthorized | Missing or invalid API key / session |
| 402 | PLAN_FEATURE_NOT_AVAILABLE / plan_feature_not_available | Workspace plan does not include platform credentials, or Basic has already used its 1 platform slot |
| 404 | NOT_FOUND / not_found | Workspace does not belong to the caller |
| 422 | VALIDATION_ERROR / validation_error | Missing platform, client_id, or client_secret |
Auth modes
| Mode | Auth | Use case |
|---|---|---|
| Workspace API key | Bearer up_live_xxxx | Programmatic onboarding (CI, admin scripts, customer integrations) |
| Clerk session (Dashboard) | Browser cookie | Human uploading creds through Accounts → White-label Credentials |