hootsuite-security-basics

Solid

Apply Hootsuite security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Hootsuite security configuration. Trigger with phrases like "hootsuite security", "hootsuite secrets", "secure hootsuite", "hootsuite API key security".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
90
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Hootsuite Security Basics ## Credential Inventory | Credential | Scope | Rotation | |-----------|-------|----------| | Client ID | App-level | Never (app identifier) | | Client Secret | App-level | Rotate if compromised | | Access Token | User session | Auto-expires (~1 hour) | | Refresh Token | User session | Rotate on each refresh | ## Instructions ### Step 1: Secure Token Storage ```bash # .env (never commit) HOOTSUITE_CLIENT_ID=app_client_id HOOTSUITE_CLIENT_SECRET=app_secret HOOTSUITE_ACCESS_TOKEN=current_token HOOTSUITE_REFRESH_TOKEN=refresh_token ``` ### Step 2: Token Refresh Security ```typescript // Always use HTTPS for token exchange // Store refresh tokens encrypted at rest // Rotate refresh tokens on each use (Hootsuite returns new ones) async function secureRefresh(refreshToken: string) { const res = await fetch('https://platform.hootsuite.com/oauth2/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': `Basic ${Buffer.from(`${process.env.HOOTSUITE_CLIENT_ID}:${process.env.HOOTSUITE_CLIENT_SECRET}`).toString('base64')}`, }, body: new URLSearchParams({ grant_type: 'refresh_token', refresh_token: refreshToken }), }); const tokens = await res.json(); // Store new refresh_token, discard old one return tokens; } ``` ### Step 3: Security Checklist - [ ] Client secret in secrets vault, never in code - [ ] Access tokens never logged or exposed - [ ] Refresh tokens stored...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI OAuth · Auth

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

hubspot-security-basics

Apply HubSpot security best practices for tokens, scopes, and webhook verification. Use when securing private app tokens, implementing least privilege scopes, or validating HubSpot webhook signatures. Trigger with phrases like "hubspot security", "hubspot token rotation", "secure hubspot", "hubspot scopes", "hubspot webhook verify".

2,266 Updated today
jeremylongshore
AI & Automation Featured

hootsuite-install-auth

Install and configure Hootsuite SDK/CLI authentication. Use when setting up a new Hootsuite integration, configuring API keys, or initializing Hootsuite in your project. Trigger with phrases like "install hootsuite", "setup hootsuite", "hootsuite auth", "configure hootsuite API key".

2,266 Updated today
jeremylongshore
AI & Automation Featured

salesloft-security-basics

Secure SalesLoft OAuth tokens, API keys, and webhook signatures. Use when implementing token rotation, securing webhook endpoints, or auditing SalesLoft API access controls. Trigger: "salesloft security", "salesloft secrets", "secure salesloft", "salesloft token rotation".

2,266 Updated today
jeremylongshore
AI & Automation Featured

adobe-security-basics

Apply Adobe security best practices for OAuth credentials, secret rotation, I/O Events webhook signature verification, and least-privilege scoping. Use when securing API credentials, implementing webhook validation, or auditing Adobe security configuration. Trigger with phrases like "adobe security", "adobe secrets", "secure adobe", "adobe credential rotation", "adobe webhook signature".

2,266 Updated today
jeremylongshore
AI & Automation Featured

hex-security-basics

Apply Hex security best practices for secrets and access control. Use when securing API keys, implementing least privilege access, or auditing Hex security configuration. Trigger with phrases like "hex security", "hex secrets", "secure hex", "hex API key security".

2,266 Updated today
jeremylongshore