Authentication
Social Champ supports two ways to authenticate REST API requests. Both hit the same endpoints under the /v1/rest base path on https://api.socialchamp.com, and both are sent using the same header:
Authorization: Bearer YOUR_TOKEN
The API tries to validate the bearer value as an OAuth2 access token first, and falls back to matching it against your static API keys. You only need to provide one.
Which method should I use?
| Method | Best for | How you get it |
|---|---|---|
| Static API key | Your own server-to-server scripts and internal automations | Created in Settings > Developer |
| OAuth2 access token | Third-party / partner apps acting on behalf of Social Champ users (Zapier, WordPress, MCP clients) | Authorization-code flow at /oauth2/authorize + /oauth2/token |
Both methods grant the read_profile and manage_post scopes that the public endpoints require.
Static API Key
Use a static API key when you are calling the API from your own backend with your own account. Create the key in Settings > Developer, then send it as a bearer token:
Authorization: Bearer YOUR_API_KEY
curl -X GET "https://api.socialchamp.com/v1/rest/profile" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"
For step-by-step key generation, see Create API Token.
OAuth2 Access Token
Use OAuth2 when you are building an integration that acts on behalf of other Social Champ users (for example a partner app, Zapier, or an MCP client). Run the standard authorization-code flow:
- Redirect the user to
https://api.socialchamp.com/oauth2/authorizeto obtain an authorization code. - Exchange that code at
https://api.socialchamp.com/oauth2/token, which returns a JSON payload containingaccess_token,token_type(Bearer),refresh_token, andscope. - Call the REST endpoints with the access token:
Authorization: Bearer YOUR_ACCESS_TOKEN
curl -X GET "https://api.socialchamp.com/v1/rest/profile" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Accept: application/json"
MCP clients use the dedicated /oauth2/mcp/* variants of these endpoints.