OAuth
A standard protocol that lets one app act on your behalf in another, without you sharing your password.
What is OAuth?
OAuth (specifically OAuth 2.0) is how almost every "Connect with..." button works. When you click "Connect Instagram" in TryPost, you're not handing over your Instagram password. You're being redirected to Instagram, signing in there, and approving a list of permissions ("TryPost can read and post on my behalf"). Instagram then issues TryPost a token — a string that proves the connection is authorized.
TryPost stores the token, not your password. Instagram never sees TryPost's database. You can revoke access from Instagram's settings at any time, and the token stops working immediately.
What permissions ("scopes") look like
Each network defines its own scopes — narrow, specific permissions. For a scheduler, typical scopes are:
read_insights— read analyticspages_show_list— list pages you managepages_manage_posts— schedule / publish postsinstagram_content_publish— publish to Instagram
Granting one doesn't grant the others. A scheduler should request the minimum it needs.
Why this matters for users
- No password sharing: you never give the scheduler your Instagram password
- Revocable: one click in Instagram settings cuts the connection
- Scoped: the scheduler can only do what you approved — it can't, for example, read your DMs unless you granted that scope (and a scheduler should never ask)
- Auditable: every network shows you a list of connected apps and the last time each was active