When building social media scheduling tools, mapping external API objects to your own internal database schema can be a headache. With Post for Me, you can utilize the external_id parameter to effortlessly tie Social Accounts and Posts directly back to your internal users, simplifying your architecture and enhancing security.
Here is a breakdown of how to use external IDs to seamlessly integrate your data.
Managing Social Accounts
The external_id is a custom string you provide during the authentication flow that acts as your internal unique identifier for a user, team, or workspace.
How it works
When generating an auth URL via the /v1/social-accounts/auth-url endpoint, you can pass your custom external_id in the JSON payload. Once the user completes the connection, this ID is permanently attached to the newly created Social Account object.
When you query your connected accounts using the GET /v1/social-accounts endpoint, you can filter the results directly by passing the ?external_id= query parameter. This makes it incredibly easy to load only the specific accounts belonging to the active user in your application without needing to maintain complex mapping tables.
Tracking Social Posts
Just like accounts, individual social media posts can also be tagged with an external_id during creation to link them to your internal records.
How it works
When making a POST request to create a new post at /v1/social-posts, you simply include the external_id string in your payload. This is highly useful for tying a specific post back to an internal campaign ID, project, or specific database row in your system.
You can instantly retrieve all posts associated with a specific campaign or internal user by filtering the GET /v1/social-posts endpoint using the ?external_id= query parameter.
Security and Preventing Account Hijacking
Beyond basic data linking, the external_id on Social Accounts acts as a strict ownership boundary, protecting your users' connections from unauthorized access.
How it works
If a user attempts to authenticate and connect a social profile that already exists in your system, the API checks the ownership. If the incoming connection attempt has a different external_id than the one currently saved on the existing account record, the system intercepts the request.
We will prevent the creation of the connection and throw an error. This crucial security measure prevents malicious actors from hijacking accounts connected under existing external IDs, ensuring that once a social profile is linked to a specific user in your database, it cannot be quietly taken over by another.