Skill

hootsuite-security-basics

Applies Hootsuite security best practices for OAuth tokens, secrets storage, refresh logic, and access control checklists. Use when securing API keys or auditing configurations.

Typescript

Bash

security

authentication

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin hootsuite-pack

Tool Access

This skill is limited to using the following tools:

ReadWriteGrep

Preview

| Credential | Scope | Rotation |

SKILL.md

Similar Skills

hootsuite-install-auth

1.9k

Configures Hootsuite OAuth 2.0 for REST API with app registration, .env setup, and TypeScript code for authorization flow, token exchange, and refresh.

6 tools

hootsuite-pack

hubspot-security-basics

1.9k

Applies HubSpot security best practices: least-privilege scopes, private app token storage/validation, and v3 webhook signature verification with HMAC SHA-256.

3 tools

hubspot-pack

intercom-security-basics

1.9k

Secures Intercom integrations with token storage best practices, HMAC-SHA1 webhook verification in Node.js/Express, identity hashes, and minimal OAuth scopes.

3 tools

intercom-pack

Stats

Parent Repo Stars1854

Parent Repo Forks248

Last CommitMar 22, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Hootsuite Security Basics

Credential Inventory

Credential

Scope

Rotation

Client ID

App-level

Never (app identifier)

Client Secret

App-level

Rotate if compromised

Access Token

User session

Auto-expires (~1 hour)

Refresh Token

User session

Rotate on each refresh

Instructions

Step 1: Secure Token Storage

# .env (never commit) HOOTSUITE_CLIENT_ID=app_client_id HOOTSUITE_CLIENT_SECRET=app_secret HOOTSUITE_ACCESS_TOKEN=current_token HOOTSUITE_REFRESH_TOKEN=refresh_token

Step 2: Token Refresh Security

// Always use HTTPS for token exchange // Store refresh tokens encrypted at rest // Rotate refresh tokens on each use (Hootsuite returns new ones) async function secureRefresh(refreshToken: string) { const res = await fetch('https://platform.hootsuite.com/oauth2/token', { method: 'POST', headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Authorization': `Basic ${Buffer.from(`${process.env.HOOTSUITE_CLIENT_ID}:${process.env.HOOTSUITE_CLIENT_SECRET}`).toString('base64')}`, }, body: new URLSearchParams({ grant_type: 'refresh_token', refresh_token: refreshToken }), }); const tokens = await res.json(); // Store new refresh_token, discard old one return tokens; }

Step 3: Security Checklist

Client secret in secrets vault, never in code

Access tokens never logged or exposed

Refresh tokens stored encrypted

HTTPS for all OAuth requests

Pre-commit hook blocks HOOTSUITE_ credential leaks

Separate OAuth apps for dev/staging/prod

Resources

Next Steps

For production, see hootsuite-prod-checklist.