API Integration and Single Sign On

An important part of the Business Plan integration consists of creating a new profile account in Ayrshare for your clients and giving access to your clients to link their social networks. An Ayshare team member will work with you during this process.

Create an Ayrshare Profile

When a new client registers with your system or when your client click the social network link on in your app, create a new Ayrshare profile account by calling the create RESTful endpoint, or using the NPM or PyPi packages.

Returned from this call will be your client's PROFILE KEY. This key will be used to post on your clients behalf and to mange their account. You should store it in a secure location.

If you want to create client profiles via the Dashboard GUI see the overview:

Create a JWT Authentication Token

Ayrshare uses JWT (JSON Web Token) to authenticate your client and allow for Single Sign On. A JWT is a secure mechanism for passing digitally signed information and allows Ayrshare to authenticate you and your client.

Your app will construct a JWT comprised of your API Key, client Profile Key, and a few other parameters. This will be signed with your private key.

Here is an example in Node.js (Javascript) using the json web token package. If you use another language see libraries for JWT signing:

const jwt = require("jsonwebtoken");
const fs = require("fs");
const privateKEY = fs.readFileSync("private.key", "utf8"); // to sign JWT
const payload = {
apiKey: "Your API KEY",
profileKey: "Client Profile Key",
};
// Token signing options
const signOptions = {
issuer: "Your Domain",
subject: "support@ayrshare.com",
audience: "https://app.ayrshare.com",
expiresIn: "5m",
algorithm:"RS256"
};
// The token to be passed during SSO
const token = jwt.sign(payload, privateKEY, signOptions);
  • You can create your own private/public key or Ayrshare can provide one once you activate your Business Membership.

  • The apiKey is the API Key of your primary account. It will be the same for every call.

  • The profileKey is the API Key of your client. Pass the profile key of the client you want to single sign on into Ayrshare. Profiles can be created with the /profiles endpoint or via the Ayrshare Dashboard.

  • The issuer is your domain and is the same for every call.

  • The subject is always support@ayrshare.com.

  • The audience is the app.ayrshare.com.

  • The expiresIn is always 5m and algorithm is always RS256.

A signed token is created and sent as a parameter to Ayrshare for SSO.

Alternatively, if you have your client's social media credentials (username/password) you can link their social network yourself using Ayrshare's dashboard.

Passing the Token for SSO

The token is passed as a URL parameter. From your app open in a new tab:

https://app.ayrshare.com?domain=[domain id]&jwt=[jwt token]

Where domain id is your domain identified (provided to you by Ayrshare) and jwt token is the token created above. This is often done from a button or link on your site.

Your client will be single signed on into the Ayrshare app and be brought to the Social Media Accounts set up page.

Please see here for more details of the client experience:

Once your client setups their social media links, you will be able to begin posting on their behalf using the /post and /profile endpoints.