Set credentials

curl --request PUT \
  --url https://api.example.com/v1/end-users/{endUserId}/credentials \
  --header 'Content-Type: application/json' \
  --data '
{
  "twitterAuthToken": "<string>",
  "twitterCt0": "<string>",
  "redditSession": "<string>",
  "tiktokSessionId": "<string>",
  "tiktokCsrfToken": "<string>",
  "youtubeSid": "<string>",
  "youtubeHsid": "<string>",
  "youtubeSsid": "<string>",
  "youtubeSapisid": "<string>",
  "instagramSessionId": "<string>",
  "instagramCsrfToken": "<string>",
  "instagramDsUserId": "<string>"
}
'

{
  "ok": true
}

PUT

end-users

{endUserId}

credentials

Set credentials

curl --request PUT \
  --url https://api.example.com/v1/end-users/{endUserId}/credentials \
  --header 'Content-Type: application/json' \
  --data '
{
  "twitterAuthToken": "<string>",
  "twitterCt0": "<string>",
  "redditSession": "<string>",
  "tiktokSessionId": "<string>",
  "tiktokCsrfToken": "<string>",
  "youtubeSid": "<string>",
  "youtubeHsid": "<string>",
  "youtubeSsid": "<string>",
  "youtubeSapisid": "<string>",
  "instagramSessionId": "<string>",
  "instagramCsrfToken": "<string>",
  "instagramDsUserId": "<string>"
}
'

{
  "ok": true
}

Path parameters

endUserId

string

required

Opaque identifier for the end-user. Must be ≤ 256 characters.

Request body

All fields are optional — include only the platforms you want to set or update. Existing credentials for platforms you don’t mention stay in place.

twitterAuthToken

string

twitterCt0

string

redditSession

string

tiktokSessionId

string

tiktokCsrfToken

string

youtubeSid

string

youtubeHsid

string

youtubeSsid

string

youtubeSapisid

string

instagramSessionId

string

instagramCsrfToken

string

instagramDsUserId

string

See Platforms for where to find each cookie in your browser.

Response — `200 OK`

boolean

Always true on success.

Example

curl "$API_BASE/end-users/alice/credentials" -X PUT \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "twitterAuthToken": "...",
    "twitterCt0": "..."
  }'

Security notes

Credentials are KMS-encrypted at rest with a key that only the stablebrowse workers can decrypt.
They’re never returned by any GET endpoint. The status endpoint returns only “configured: true/false” flags.
They’re scoped to (businessId, endUserId). Two businesses can both have an alice end-user with independent credentials.
On suspicion of leak, call DELETE /v1/end-users/{endUserId}/credentials and re-upload fresh ones.

Errors

Code	Meaning
`400`	`endUserId` > 256 chars, invalid JSON body, or no recognized cred fields supplied
`401`	Missing `Authorization` header
`403`	Revoked API key

Get session Get credentials status

⌘I

Overview

Tasks

Sessions

End users

API keys

Set credentials

Path parameters

Request body

Response — `200 OK`

Example

Security notes

Errors

Overview

Tasks

Sessions

End users

API keys

​Path parameters

​Request body

​Response — 200 OK

​Example

​Security notes

​Errors

Path parameters

Request body

Response — `200 OK`

Example

Security notes

Errors