Data

This Documentation explains the data that is transmitted to third party services.  There are no actionable steps for you to complete.

When using WordPress to Hootsuite Pro (or WordPress to Hootsuite), the Plugin will connect to two third party API services:

  • WP Zinc
  • Hootsuite

WP Zinc

Authentication

When following the Authentication steps, Hootsuite sends a request to our API once you have logged into Hootsuite.

Our API takes that request, and sends a response with what is called a Client Secret.  This is a super-specific, Plugin password.  In return, Hootsuite grants an Access Token, which permits our Plugin to post status updates to your Hootsuite account.  This is a safe and secure authentication method, ensuring that your login credentials are never shared with us.

This Access Token is then returned to your WordPress installation, and you will see an on screen message confirming

This is required, because:

  1. We cannot share our Client Secret in our Plugin code.  Doing so would potentially enable a malicious user to control any number of authenticated Hootsuite accounts.
  2. Hootsuite’s API requires a single, static URL to redirect to once a user has logged into Hootsuite.  Given that our Plugin can be installed on any WordPress web site (and therefore the redirect could be any URL), this extra step ensures smooth authentication.

Your login process is directly with Hootsuite, who never share your credentials.  Furthermore, we never store any information on our web site or API during this process.

Statuses with Images

When publishing or updating a Post, Page or Custom Post Type, and the Plugin is configured to schedule / send one or more status updates to Hootsuite, if your Post, Page or Custom Post Type has a Featured Image, its URL will be sent to our API.

In turn, our API takes that request, and uploads the image to Hootsuite’s ow.ly service.  This is required, as Hootsuite only permit inclusion of images in status updates that originate from its own ow.ly service.

The ow.ly URL returned by Hootsuite is then returned to the Plugin, and included in the status update.

This process is required, because:

  1. We cannot share our Client Secret in our Plugin code.  Doing so would potentially enable a malicious user to control any number of authenticated Hootsuite accounts.

We never store any information on our web site or API during this process.

Hootsuite

Once you have authenticated with Hootsuite, status updates will be sent to the Hootsuite REST API, depending on how you have configured the Plugin.

The data sent will also depend on the fields that you are including with your status updates – for example, your Post’s Title, URL, Excerpt etc.

If Logging is enabled, the results of the status update from Hootsuite are stored in the Post metadata.