Connect a social account
StreamX uses OAuth 2.0 to connect your accounts — we never see or store your platform passwords.
How it works
When you click Connect for, say, YouTube:
- Your browser opens YouTube's official sign-in page
- You sign in with YouTube's server, not ours
- YouTube asks you to confirm: "StreamX wants permission to upload videos and read your channel info"
- You click Allow
- YouTube redirects back to StreamX with a short-lived authorization code
- Our backend exchanges that code for a long-lived refresh token + access token
- We store the refresh token encrypted in our database, mapped to your account
What we can do with your accounts
Per the OAuth scopes we request:
- YouTube — upload videos, edit titles/descriptions, read your channel statistics
- Facebook — post to pages you manage, read page insights
- Instagram — publish posts and reels (requires Instagram Business or Creator account)
- X (Twitter) — post tweets, manage threads
- TikTok — upload videos (Marketing API access required for some features)
- LinkedIn — post to your profile and managed company pages
What we can NOT do
- Read your DMs
- Change your password or profile
- Delete your account
- Access platforms you didn't connect
Disconnecting an account
In the desktop app: Accounts → pick account → Disconnect. This revokes the OAuth refresh token on our end. The platform itself may keep the connection visible in its security settings for a while — that's fine, it's no longer usable.