Skip to main content

Authentication

Social Champ supports two ways to authenticate REST API requests. Both hit the same endpoints under the /v1/rest base path on https://api.socialchamp.com, and both are sent using the same header:

Authorization: Bearer YOUR_TOKEN

The API tries to validate the bearer value as an OAuth2 access token first, and falls back to matching it against your static API keys. You only need to provide one.

Which method should I use?

MethodBest forHow you get it
Static API keyYour own server-to-server scripts and internal automationsCreated in Settings > Developer
OAuth2 access tokenThird-party / partner apps acting on behalf of Social Champ users (Zapier, WordPress, MCP clients)Authorization-code flow at /oauth2/authorize + /oauth2/token

Both methods grant the read_profile and manage_post scopes that the public endpoints require.

Static API Key

Use a static API key when you are calling the API from your own backend with your own account. Create the key in Settings > Developer, then send it as a bearer token:

Authorization: Bearer YOUR_API_KEY
curl -X GET "https://api.socialchamp.com/v1/rest/profile" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"

For step-by-step key generation, see Create API Token.

OAuth2 Access Token

Use OAuth2 when you are building an integration that acts on behalf of other Social Champ users (for example a partner app, Zapier, or an MCP client). Run the standard authorization-code flow:

  1. Redirect the user to https://api.socialchamp.com/oauth2/authorize to obtain an authorization code.
  2. Exchange that code at https://api.socialchamp.com/oauth2/token, which returns a JSON payload containing access_token, token_type (Bearer), refresh_token, and scope.
  3. Call the REST endpoints with the access token:
Authorization: Bearer YOUR_ACCESS_TOKEN
curl -X GET "https://api.socialchamp.com/v1/rest/profile" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Accept: application/json"

MCP clients use the dedicated /oauth2/mcp/* variants of these endpoints.