Authentication & Security

Secure OAuth 2.0 integration with social platforms, team management, and API key authentication for programmatic access to the Blackspace platform.

User Authentication

Sign up and log in to Blackspace using email/password or social OAuth providers.

Login Endpoint

POST https://blackspace.ai/api/v1/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your_password"
}

Response:
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "user": {
    "id": "user_123",
    "email": "user@example.com",
    "username": "johndoe"
  }
}

Access tokens expire after 1 hour. Use refresh tokens to obtain new access tokens without re-authenticating.

Token Refresh

POST https://blackspace.ai/api/v1/auth/refresh
Content-Type: application/json

{
  "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2ggdG9rZW4..."
}

Response:
{
  "access_token": "new_access_token...",
  "refresh_token": "new_refresh_token...",
  "expires_in": 3600
}

Social Platform OAuth

Connect your social media accounts securely using OAuth 2.0. Blackspace never stores your social media passwords.

Instagram OAuth

Connect via Facebook Graph API with Instagram Basic Display permissions.

Scopes: instagram_basic, instagram_content_publish

Permissions: Publish posts, stories, reels

X (Twitter) OAuth

OAuth 2.0 with PKCE for secure authentication and posting.

Scopes: tweet.read, tweet.write, users.read

Permissions: Post tweets, threads, media

Facebook OAuth

Manage pages and publish content through Facebook Graph API.

Scopes: pages_manage_posts, pages_read_engagement

Permissions: Publish to pages, read insights

YouTube OAuth

Upload videos and manage channel content via YouTube Data API.

Scopes: youtube.upload, youtube.readonly

Permissions: Upload videos, read analytics

OAuth Flow

  1. User clicks "Connect" for a platform in Settings → Connected Accounts
  2. Redirected to platform's OAuth authorization page
  3. User grants permissions to Blackspace
  4. Platform redirects back with authorization code
  5. Blackspace exchanges code for access/refresh tokens
  6. Tokens stored securely and used for API calls on user's behalf

API Keys

Generate API keys for programmatic access to the Blackspace platform. Use API keys for server-to-server communication and automation workflows.

Using API Keys

curl -X POST "https://blackspace.ai/api/v1/posts/create" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "platform": "instagram",
    "content": {
      "text": "Check out my new post!",
      "image_url": "https://..."
    }
  }'

Never share your API keys publicly. Store them securely using environment variables or secret management services.

Creating API Keys

  1. Go to Settings → API Keys
  2. Click "Generate New Key"
  3. Give it a descriptive name
  4. Set permissions and expiration
  5. Copy and store securely

Key Permissions

  • Read-only (analytics, posts)
  • Write (create, schedule posts)
  • Admin (manage teams, settings)
  • Custom scopes available

Team Management

Collaborate with your team by inviting members with role-based access control. Perfect for agencies and creator teams managing multiple accounts.

Owner

Full access to all features, billing, and team management.

Admin

Manage content, campaigns, and invite members. Cannot modify billing.

Member

Create and schedule content. Read-only access to analytics.

Security Best Practices

Do

  • Use environment variables for API keys
  • Rotate tokens regularly
  • Enable 2FA on your account
  • Review connected accounts monthly
  • Use read-only keys when possible

Don't

  • Share API keys in public repositories
  • Store tokens in client-side code
  • Reuse passwords across services
  • Leave unused integrations connected
  • Grant excessive permissions