profiles

Profiles API Endpoint: Create and manage multiple user profiles.

Specify a User Profile in the API call by adding the Profile Key in the header.

The Business Plan is required for accessing these endpoints.


Create a User Profile

POST https://app.ayrshare.com/api/profiles

Create a new profile under your Primary Profile. Upon successful creation of the User Profile, the API response will include the Profile Key associated with the newly created profile. Securely store the Profile Key in your system, as it will be required to make API calls on behalf of your user.

Please note that for security reasons, the Profile Keys are only returned in two specific cases:

  1. User Profile Creation: When a new User Profile is created.

  2. In the Ayrshare Dashboard: You can find the Profile Key for each profile within the Ayrshare Dashboard. Switch to the User Profile and then navigate to the Profile Key page.

We recommend you securely store the Profile Key in your system.

Manage Social Networks

Please use the disableSocial field to manage (add/remove) social networks from display. Please Manage Social Accounts for more information.

Important Security Considerations

  • Profile Keys are sensitive credentials used to authenticate and authorize access to User Profiles. It is crucial to store Profile Keys securely in your system to maintain the integrity and confidentiality of your users' data.

  • Avoid sharing Profile Keys publicly or exposing them in client-side code or public repositories.

Headers

NameTypeDescription

Authorization*

string

Format: Authorization: Bearer API_KEY. See Overview for more information.

Request Body

NameTypeDescription

title*

string

Title of the new profile. Must be unique. This title will be displayed on the social account linking page.

messagingActive

boolean

Set to true to active messaging for this user profile. Default: false. Messaging must be first be enabled for the account.

hideTopHeader

boolean

Hide the top header on the social accounts linkage page. Default false.

topHeader

string

Change the header on the social accounts linkage page. Currently displays: "Social Accounts for {title}" where {title} is the profile title.

disableSocial

array

Array of social networks that are disabled for this user's profile. The primary profile's list of disabled social networks takes precedence. Available networks: twitter, facebook, instagram, linkedin, telegram, gmb, youtube, tiktok, pinterest, and reddit.

See here for more information.

team

boolean

Create a new user profile as a team member by setting team: true. The email field will be used to send an invite email. See inviting a team member for details on the requirements.

email

string

A valid email address where the team member invite will be sent. Required if team: true

subHeader

string

Change the sub header on the social accounts linakge page. Currently displays "Click an icon to link a social network". Set to an empty string to remove.

See how to change the help link.

tags

array

Tag user profiles using an array of strings. These tags serve as an internal organizational tool to categorize and manage your user profiles effectively.

{
    "status": "success",
    "title": "Digg It",
    "refId": "140b8709bd6ade099b242d895e268fb886130c53",
    "profileKey": "7TVRLEZ-24A43C0-NJW0Z82-F11984N"
}

Request Examples

curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-d '{"title": "ACME Profile"}' \
-X POST https://app.ayrshare.com/api/profiles

The Profile Key returned should be securely stored in your system with appropriate access controls. For security reasons, the Profile Key can't not be retrieved again via the API. However, you can retrieve the Profile Key via the dashboard.

The refId should also be stored to associate a profile to an endpoint return.


Delete a User Profile

DELETE https://app.ayrshare.com/api/profiles

Delete a user profile you are the owner of. Deleting a User Profile deleted all referenced and is irrevocable - cannot be undone.

Headers

NameTypeDescription

Authorization*

string

Format: Authorization: Bearer API_KEY. See Overview for more information.

Profile-Key*

string

The Profile Key of the profile to delete, returned from /create-profile. May also use the API Key found in the web dashboard.

Request Body

NameTypeDescription

title

string

Title of the User Profile to delete. Must be present if profileKey is not passed. title is case-sensitive and must match the User Profile title.

{
    "status": "success",
    "refId": "823nd82nd92jsnn2932"
}

Request Examples

curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-H 'Profile-Key: PROFILE_KEY' \
-X DELETE https://app.ayrshare.com/api/profiles

Update a User Profile

PATCH https://app.ayrshare.com/api/profiles

Update an existing profile's title, hide title, list of disabled social platforms, or display the title.

Headers

NameTypeDescription

Authorization*

string

Format: Authorization: Bearer API_KEY. See Overview for more information.

Profile-Key*

string

Profile Key for a user profile.

Request Body

NameTypeDescription

disableSocial

array

Update the list of disabled profiles. The array will overwrite the previous list of disabled social networks. Remove all disabled social by sending an empty array []. Available networks: twitter, facebook, instagram, linkedin, telegram, gmb, youtube, tiktok, pinterest, and reddit.

See here for more information.

messagingActive

boolean

Set to true or false to active messaging for this user profile. Messaging must be first be enabled for the account.

title

string

Updated title.

hideTitle

boolean

Update hide title.

displayTitle

string

Update display title.

tags

array

Tag user profiles using an array of strings. These tags serve as an internal organizational tool to categorize and manage your user profiles effectively. Send an empty array [] to delete all tags.

{
    "status": "success",
    "refId": "b1eb30ce50607a40000b220c01c20a88a49fe76f"
}

Request Examples

curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-d '{"profileKey": "Jokdf-903Js-j9sd0-Pow02-QS9n3", "title": "ACME Profile"}' \
-X PATCH https://app.ayrshare.com/api/profiles

Get User Profiles

GET https://app.ayrshare.com/api/profiles

Get all the profiles associated with the primary profile. For security, the Profile Keys are not returned via this GET call. Please see here for more information.

Query Parameters

NameTypeDescription

title

string

Return only the profile associated with the URL encoded title. Optional.

refId

string

Return only the profile associated with the given refId. The refId was returned during the profile creation or from the /user endpoint. Optional.

hasActiveSocialAccounts

boolean

If true return only profiles that have at least one connected social account (activeSocialAccounts length greater than zero). If false return only profiles with zero connected social accounts (activeSocialAccounts length is zero).

includesActiveSocialAccounts

array

Filter profiles to include those whose activeSocialAccounts contain all of the social media platforms specified in the includesActiveSocialAccounts list. Profiles can have additional platforms in their activeSocialAccounts beyond those listed in includesActiveSocialAccounts and still be included in the filtered results. Values: facebook, instagram, linkedin, pinterest, gmb, reddit, youtube, tiktok, twitter.

Headers

NameTypeDescription

Authorization

string

Format: Authorization: Bearer API_KEY. See Overview for more information.

{
    "profiles": [
        {
            "title": "Digg It Title",
            "displayTitle": "Your title",
            "created": {
                "_seconds": 1604094099,
                "_nanoseconds": 530000000
            },
            "createdUTC": "2022-03-02T16:11:00.839Z",
            "refId": "160c8700bd6ade099b242d845e268fb986130c53",
            "activeSocialAccounts": [
                "twitter",
                "facebook",
                "linkedin",
                "instagram"
            ],
        },
        {
            "title": "Super Profile",
            "created": {
                "_seconds": 1604377627,
                "_nanoseconds": 252000000
            },
            "createdUTC": "2022-03-02T16:11:00.839Z",
            "refId": "170a8700bd6ade099b242d845e268fb986130c53"
        },
        {
            "title": "Good Fun Title"
            "created": {
                "_seconds": 1605107864,
                "_nanoseconds": 96000000
            },
            "createdUTC": "2022-03-02T16:11:00.839Z",
            "refId": "180s8700bd6ade099b242d845e268fb986130c53",
            "activeSocialAccounts": [
                "facebook",
                "linkedin",
                "youtube"
            ],
        }
    ]
}

Request Examples

curl \
-H "Authorization: Bearer API_KEY" \
-X GET https://app.ayrshare.com/api/profiles

DELETE https://app.ayrshare.com/api/profiles/social

Unlink a social network for a given user profile. For example, if a user profile is linked to TikTok, unlink TikTok by making this endpoint request. A successful 200 response will be returned even if the platform is not linked. If the Profile-Key is not provided the Primary Profile's social account will be unlinked.

Headers

NameTypeDescription

Authorization*

string

Format: Authorization: Bearer API_KEY. See Overview for more information.

Profile-Key*

string

The Profile Key of a user profile.

Request Body

NameTypeDescription

platform*

string

Platform to unlink: "facebook", "gmb", "instagram", "linkedin", "reddit", "telegram", "tiktok", "twitter", "youtube".

{
    "status": "success",
    "platform": "twitter",
    "refId": "13a9wa9e0df1183b7a6a1fc2c61b8023fa9a32a1"
}

Request Examples

curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-H 'Profile-Key: PROFILE_KEY' \
-d '{"platform": "twitter"}' \
-X DELETE https://app.ayrshare.com/api/profiles/social

Generate a JWT

POST https://app.ayrshare.com/api/profiles/generateJWT

Generate a JSON Web Token (JWT) for use with single sign on. Used if you do not want to generate the JWT yourself. Also provided is the URL that can directly be used for SSO. The JWT URL is valid for 5 minutes. After 5 minutes you must generate a new JWT URL. Please the Max Pack expireIn for additional options.

Headers

NameTypeDescription

Authorization*

string

Format: Authorization: Bearer API_KEY. See Overview for more information.

Request Body

NameTypeDescription

domain*

string

Domain of app. Please use the exact domain given during onboarding.

privateKey*

string

Private Key use for encryption.

profileKey*

string

User Profile Key. The API Key can not be used in this field.

logout

boolean

Automatically logout the current session. Recommend not to use in production since it affects the performance. Please see here.

redirect

string

Specify a URL to redirect to when the "Done" button or logo image is clicked. The URL will be automatically shortened in the returned JWT url. Redirect the origin opener window by adding the query parameter origin=true to the redirect URL.

verify

boolean

Verify that the generated token is valid. Recommend to only use in non-production environment. See below for details.

base64

boolean

If the private key is base64 encoded, set to true. Default false.

Encode the private.key file in base64 and pass the single line String in the privateKey field.

E.g in Linux: cat private.key | base64

expiresIn

number

Set the longevity of the token in minutes. Default 5 minutes. Range: 1 minute to 2880 minutes.

MaxPack required. See below for details.

email

object

Send a Connect Accounts email with a link for users to directly access their social linkage page.

MaxPack required. See below for details.

{
    "status": "success",
    "title": "User Profile Title",
    "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E"
    "url": "https://profile.ayrshare.com?domain=PROVIDED_DOMAIN&jwt=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcGlLZXkiOiJBSjNQR1cxLThIWk04UjQtR0NXVFZKVy1ZRTE1M1BFIiwicHJvZmlsZUtleSI6IjhKNDY4UFktSjM5TVlXRC1IWEpLVlIyLVBRMjBQUlMiLCJpYXQiOjE2MTQyMjYwNDksImV4cCI6MTYxNDIyNjM0OSwiYXVkIjoiaHR0cHM6Ly9hcHAuYXlyc2hhcmUuY29tIiwiaXNzIjoiYm9uZGJyYW5kbG95YWx0eS5jb20iLCJzdWIiOiJzdXBwb3J0QGF5cnNoYXJlLmNvbSJ9.Se387OyhJIdaDkFkvAe0Dwo3pQrHBwdg2bbjqKYn7BZuVDxPboJmTsd7rra8N-Z6b9_fJOtwlRFGBLW1CvgLGU4RSisTVqjqhAkb3KNhpA7cZ673IJbRX-ST7tYadKKzmd9GNrZW9rhxHOlgMJ9uOboc4dcaDbNmzb_yCrfLY-E",
    "emailSent": true,     // See details below
    "expiresIn": "30m"     // See details below
}

Request Examples

curl \
-H "Authorization: Bearer API_KEY" \
-H 'Content-Type: application/json' \
-d '{"domain": "ACME", "privateKey": "-----BEGIN RSA PRIVATE KEY...", "profileKey": "PROFILE_KEY"}' \
-X POST https://app.ayrshare.com/api/profiles/generateJWT

Important Additional Info

Additional JWT Info

Switching Profiles

If you want to switch profile sessions, i.e. use a different profile, please see Automatic Logout of a Profile Session.

Private Key

The Private Key must be precise, meaning preserving all characters including newlines. We recommend reading the private.key from a file to preserve all characters. If you paste the key into your code, you might need to manually replace newlines with a \n character or URL encode the string.

Pasting the key directly into code often gives issues.

It is recommend to first verify your data in Postman using generateJWT. You can then generate the code from Postman, or read the key file from a directory or database. Use the user's profile Profile Key in the profileKey field. Using the API Key in the profileKey field will result in an error.

❗Use the verify field in the /generateJWT endpoint to check the parameters.

Opening the JWT URL

Open the JWT URL in a new browser tab, browser window, or View Controller on iOS. The social networks do not allow opening the URL in an iFrame or obfuscating the approved partner origin domain.

You may control the closing or redirecting of the new window or tab.

Generate a JSON Web Token

1 minute video explaining how to generate a JSON Web Token (JWT):

Verify the JWT URL

The generateJWT endpoint does not validate the returned JWT URL by default. For example, if a corrupt Private Key is passed into generateJWT a URL will still be returned and the URL result in a 401 error.

You can verify the returned JWT URL by including verify: true in the generateJWT body parameters. If the JWT URL can not be validated an error will be returned. For example, if the Private Key had a character removed the following would be returned:

{
    "action": "JWT",
    "status": "error",
    "code": 189,
    "message": "Error generating JWT. Check the sent parameters, such as the privateKey has no extra tabs, spaces, or newlines. Also the entire private.key file including -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----. Error: secretOrPrivateKey must be an asymmetric key when using RS256"
}

We recommend using verify: true only in a non-production environment since te validation takes additional processing time.

Bubble.io

If you are a Bubble user, please see Generate JWT Token in the Bubble.io section for instructions:

Bubble.io

JWT Expire In

If you want a longer JWT timeout than the default 5 minutes, include the expireIn field.

For example, send the following JSON to set the JWT URL valid for 30 minutes:

{
    "expireIn": 30
}

This allows you to email the link to your users instead of them having to go to your app or platform. A common use case is if your user need to reconnect a social account, you can email them the JWT link to directly re-link the social account instead of having to navigate to your platform.

Be sure to review with your security team how long your business wants to keep the JWT alive. Longer expire times creates additional risk of an unauthorized party accessing the link.

Mobile JWT Examples

The following Swift, Flutter, and React Native code examples show how to launch the social linking page on an iOS device. Replace the jwtURL String variable with the return from the /generateJWT endpoint.

Swift (iOS)

In Swift, use a UIViewController and SFSafariViewControllerDelegate. We don't recommend using a WebView since some social networks such as Facebook and Google block authentication.

Flutter (Dart)

In Flutter (Dart), there is no direct equivalent to a UIViewController or the SFSafariViewController. However, you can achieve a similar functionality by using the url_launcher package to open web URLs.

React Native

React Native also doesn't have a direct equivalent to SFSafariViewController, but you can achieve a similar result with the WebBrowser API provided by expo-web-browser, which opens a URL in a modal browser window that shares cookies with the system browser. Otherwise, you can use the built-in React Native Linking function to open Safari: await Linking.canOpenURL(jwtURL);

import UIKit
import SafariServices

class ViewController: UIViewController, SFSafariViewControllerDelegate {
    
    var jwtURL = "https://profile.ayrshare.com?domain=acme&jwt=eyJhbGciOiJ"

    override func viewDidLoad() {
        super.viewDidLoad()
        setupButton()
    }