Hootsuite Install & Auth
Overview
Configure Hootsuite REST API OAuth 2.0 authentication. Hootsuite uses OAuth 2.0 with Bearer tokens. You register an app in the Hootsuite Developer Portal, get client credentials, and exchange authorization codes for access tokens.
Prerequisites
- Hootsuite account (Business plan or higher for API access)
- Registered app at https://developer.hootsuite.com
- Client ID and Client Secret from your app
Instructions
Step 1: Register Your App
- Go to https://developer.hootsuite.com
- Create a new app
- Note your Client ID and Client Secret
- Set redirect URI to
https://your-app.com/callback
Step 2: Configure Environment
# .env (NEVER commit)
HOOTSUITE_CLIENT_ID=your_client_id
HOOTSUITE_CLIENT_SECRET=your_client_secret
HOOTSUITE_REDIRECT_URI=https://your-app.com/callback
HOOTSUITE_ACCESS_TOKEN= # Populated after OAuth flow
# .gitignore
.env
.env.local
Step 3: OAuth 2.0 Authorization Flow
// auth.ts — OAuth 2.0 authorization code flow
import 'dotenv/config';
const { HOOTSUITE_CLIENT_ID, HOOTSUITE_CLIENT_SECRET, HOOTSUITE_REDIRECT_URI } = process.env;
// Step 1: Redirect user to authorize
function getAuthUrl(): string {
const params = new URLSearchParams({
response_type: 'code',
client_id: HOOTSUITE_CLIENT_ID!,
redirect_uri: HOOTSUITE_REDIRECT_URI!,
scope: 'offline',
});
return `https://platform.hootsuite.com/oauth2/auth?${params}`;
}
// Step 2: Exchange authorization code for tokens
async function exchangeCode(code: string) {
const response = await fetch('https://platform.hootsuite.com/oauth2/token', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': `Basic ${Buffer.from(`${HOOTSUITE_CLIENT_ID}:${HOOTSUITE_CLIENT_SECRET}`).toString('base64')}`,
},
body: new URLSearchParams({
grant_type: 'authorization_code',
code,
redirect_uri: HOOTSUITE_REDIRECT_URI!,
}),
});
const tokens = await response.json();
console.log('Access Token:', tokens.access_token);
console.log('Refresh Token:', tokens.refresh_token);
console.log('Expires In:', tokens.expires_in, 'seconds');
return tokens;
}
// Step 3: Refresh expired token
async function refreshToken(refreshToken: string) {
const response = await fetch('https://platform.hootsuite.com/oauth2/token', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': `Basic ${Buffer.from(`${HOOTSUITE_CLIENT_ID}:${HOOTSUITE_CLIENT_SECRET}`).toString('base64')}`,
},
body: new URLSearchParams({
grant_type: 'refresh_token',
refresh_token: refreshToken,
}),
});
return response.json();
}
Step 4: Verify Connection
async function verifyConnection(accessToken: string) {
const response = await fetch('https://platform.hootsuite.com/v1/me', {
headers: { 'Authorization': `Bearer ${accessToken}` },
});
const user = await response.json();
console.log('Connected as:', user.data.fullName);
console.log('Organization:', user.data.organizationName);
return user;
}
Output
- OAuth 2.0 app credentials configured
- Access token obtained via authorization code flow
- Token refresh mechanism for long-lived access
- Connection verified with user profile
Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| 401 Unauthorized | Invalid or expired token | Refresh token or re-authorize |
| invalid_client | Wrong client ID/secret | Check app credentials |
| invalid_grant | Authorization code expired | Codes expire in 30s; re-authorize |
| redirect_uri_mismatch | URI doesn't match | Must exactly match app registration |
Resources
Next Steps
After auth, proceed to hootsuite-hello-world for your first API call.