Connect Social Accounts
OmniSocial supports Facebook, Instagram, and TikTok. Each connected account enables publishing, analytics, conversation management, and ad integration from a single dashboard.
How to Connect
- Navigate to Settings > Social Accounts (or the Accounts page)
- Click Connect Account
- Select the platform
- Complete the OAuth 2.0 authorization flow
- Select which pages/accounts to manage
- The account appears in your connected accounts list
Platform Requirements
| Platform | Account Type | Requirements | Key Permissions |
|---|---|---|---|
| Page | Admin access to the Page | pages_manage_posts, pages_read_engagement, pages_messaging | |
| Business or Creator | Must be linked to a Facebook Page | instagram_basic, instagram_content_publish, instagram_manage_comments | |
| TikTok | Business | TikTok Business account | Content publishing, video insights |
Instagram Business/Creator accounts must be linked to a Facebook Page to work with the Meta Graph API. If your Instagram account isn't linked, connect it first through your Instagram app settings under Settings > Account > Linked Accounts.
What Gets Stored
When you authorize a social account, OmniSocial securely stores:
| Data | Purpose |
|---|---|
| Access Token | Encrypted at rest with AES-256-GCM |
| Refresh Token | Encrypted, used for automatic token renewal |
| Platform User ID | Unique identifier on the platform |
| Platform Username | Your handle/page name |
| Display Name & Avatar | For identification in the UI |
| Granted Scopes | The specific permissions you authorized |
| Token Expiry | Tracked to trigger refresh before expiration |
| Metadata | Platform-specific configuration (JSON) |
Each account is uniquely identified by [userId, platform, platformUserId] -- preventing duplicate connections.
Automatic Token Management
Social platform tokens expire periodically. OmniSocial handles this transparently:
- Background monitoring -- The
token-refreshqueue continuously checks for expiring tokens - Auto-refresh -- Tokens are refreshed before they expire using the stored refresh token
- Expiry tracking -- The
tokenExpiresAtfield is monitored per account - Re-auth alerts -- If auto-refresh fails (e.g., permissions revoked), you'll see a warning banner
- Last synced -- Each account shows
lastSyncedAtso you know it's active
Managing Accounts
From Settings > Social Accounts:
| Action | Description |
|---|---|
| View Status | See if the account is active, when it was last synced |
| Reconnect | Re-authorize if the token has expired or permissions changed |
| Disconnect | Remove the account (already-published posts are unaffected) |
| View Details | See platform-specific metadata |
Multiple Accounts
You can connect multiple accounts per platform. For example:
- 3 Facebook Pages for different brands
- 2 Instagram Business accounts
- 1 TikTok Business account
The maximum number of connected accounts depends on your subscription plan.
Security
- All OAuth tokens encrypted with AES-256-GCM using a 64-character hex encryption key
- Encryption key stored as an environment variable, never in the database
- Tokens are never exposed in API responses
- Disconnecting immediately removes stored tokens
- Each workspace's tokens are isolated from other workspaces
Next Steps
With your accounts connected, you're ready to create your first post.