OAuth Credentials
Sosyabot resolves OAuth app credentials in this order: per-platform admin override (in Options) → ENV variable. The admin panel exposes the override layer so you can rotate keys without redeploying.
Sixteen integration pages
Every supported provider has a dedicated form under /admin/api-integration/<provider>:
x-twitter,facebook,instagram(shares Facebook),linkedin,tiktok,threadsbluesky,mastodon,pinterest,youtube,redditdiscord,slack,telegramqevron,listmonk,online-media-search(Unsplash / Pexels / Pixabay)
Storage keys
| Provider | Keys |
|---|---|
| X (Twitter) | x-twitter_client-id, x-twitter_client-secret |
| Facebook + Instagram | facebook_app-id, facebook_app-secret |
linkedin_client-id, linkedin_client-secret | |
| TikTok | tiktok_client-key, tiktok_client-secret |
| Discord | discord_client-id, discord_client-secret, discord_bot-token |
| Slack | slack_client-id, slack_client-secret, slack_bot-token |
| Qevron | qevron_api-base-url, qevron_api-key |
Other providers follow the same naming pattern. See ENV Reference for the analogous env vars.
Test endpoint
Each form has a Test button that calls:
GET /api/v1/options/test/oauth/:providerThe test fetches a token (or makes a getMe-style call) using the configured credentials and reports success or the upstream error inline.
When admin overrides take effect
Most platforms re-read credentials on the next OAuth callback — no restart needed. The Twitter (passport) strategy is the exception: it's reloaded automatically when X credentials change.