When using WordPress to SocialPilot Pro (or WordPress to SocialPilot), the Plugin will connect to two third party API services:
- WP Zinc
When following the Authentication steps,SocialPilot sends a request to our API once you have logged into SocialPilot.
Our API takes that request, and sends a response with what is called a Client Secret. This is a super-specific, Plugin password. In return, SocialPilot grants an Access Token, which permits our Plugin to post status updates to your SocialPilot account. This is a safe and secure authentication method, ensuring that your login credentials are never shared with us.
This Access Token is then returned to your WordPress installation, and you will see an on screen message confirming
This is required, because:
- We cannot share our Client Secret in our Plugin code. Doing so would potentially enable a malicious user to control any number of authenticated SocialPilot accounts.
- SocialPilot’s API requires a single, static URL to redirect to once a user has logged into Buffer. Given that our Plugin can be installed on any WordPress web site (and therefore the redirect could be any URL), this extra step ensures smooth authentication.
Your login process is directly with SocialPilot, who never share your credentials. Furthermore, we never store any information on our web site or API during this process.
Once you have authenticated with SocialPilot, status updates will be sent to the SocialPilot API, depending on how you have configured the Plugin.
The data sent will also depend on the fields that you are including with your status updates – for example, your Post’s Title, URL, Excerpt etc.
If Logging is enabled, the results of the status update from SocialPilot are stored in the Post metadata.