API Integration with Single Sign On

How to integrate Ayrshare's API and SSO into the social account linkage page.

An important part of the Business Plan integration consists of creating new profile accounts in Ayrshare for your users or clients and allowing user to link their social networks.

An Ayrshare team member will work with you during this process.

Create an Ayrshare User Profile

When a new user registers with your system or when your client click the social network link on in your app, create a new Ayrshare profile account by calling the /create RESTful endpoint, or using the NPM or PyPi packages.

Returned from this call will be your user's PROFILE KEY. This key will be used to post on your user's behalf and to mange their account. You should store it in a secure location.

If you want to create client profiles via the Dashboard GUI see the overview:

Single Sign On with a JWT Authentication Token

Ayrshare uses JWT (JSON Web Token) to authenticate your user and perform Single Sign On. A JWT is a secure mechanism for passing digitally signed information and allows Ayrshare to authenticate you and your user.

Your app will construct a JWT comprised of your API Key, user Profile Key, and a few other parameters. This will be signed with your 1024 bit private key.

Generate a JWT Example

Your app will construct a JWT comprised of your API Key, user Profile Key, and a few other parameters. This will be signed with your 1024 bit private key.

If you prefer not to generate your own JWT, you can use the /profiles/generateJWT endpoint to have Ayrshare create the token:

The following example in Node.js (Javascript) uses the json web token package. If you use another language see libraries for JWT signing:

const jwt = require("jsonwebtoken");
const fs = require("fs");
const privateKEY = fs.readFileSync("private.key", "utf8"); // to sign JWT
const payload = {
apiKey: "Your API KEY",
profileKey: "Client Profile Key",
// Token signing options
const signOptions = {
issuer: "Your Domain",
subject: "[email protected]",
audience: "https://app.ayrshare.com",
expiresIn: "5m",
// The token to be passed during SSO
const token = jwt.sign(payload, privateKEY, signOptions);
  • You can create your own 1024 bit private/public key or Ayrshare can provide one once you activate your Business Membership.

  • The apiKey is the API Key of your primary account. It will be the same for every call. Obtain the key by logging in to the Ayrshare dashboard with your primary email and going to API Dashboard.

  • The profileKey is the Profile Key of your user. Pass the profile key of the user you want to single sign on into Ayrshare. Profiles can be created with the /profiles endpoint or via the Ayrshare Dashboard.

  • The issuer is your domain and is the same for every call.

  • The subject is always [email protected]

  • The audience is the app.ayrshare.com.

  • The expiresIn is always 5m and algorithm is always RS256. NOTE: the JWT token is only valid for 5 minutes, so we suggest regenerating it every time.

A signed token is created and sent as a parameter to Ayrshare for SSO.

Alternatively, if you have your client's social media credentials (username/password) you can link their social network yourself using Ayrshare's dashboard.

Passing the Token for SSO

The token is passed as a URL parameter. From your app open in a new tab:

https://profile.ayrshare.com?domain=[domain id]&jwt=[jwt token]

Where domain id is your domain identified (provided to you by Ayrshare during setup) and jwt token is the token created above. This is often done from a button or link on your site.

Your client will be single signed on into the Ayrshare app and be brought to the Social Media Accounts set up page.

When testing, log out of the current profile before making an SSO call with a different profile. Signed in profiles remain signed in until explicitly logged out.

Please see here for more details of the client experience:

Once your client setups their social media links, you will be able to begin posting on their behalf using the /post and /profile endpoints.