How to Build a White-Label Social Media Tool with CodivUpload's API

What is the whitelabel API?

The core idea is straightforward: your brand sits in front of the client, and CodivUpload's engine runs behind the scenes. Every API response, every connection page, every redirect URL — none of it mentions CodivUpload. Your clients see your company name, your logo, and your domain. They never encounter ours.

This isn't a separate add-on or an enterprise-only feature gated behind a sales call. Whitelabel access is included in every Pro plan ($45/mo) and above. You get the full API surface — 50+ parameters for fine-grained control over posts, platform-specific overrides, media handling, and scheduling — without writing a single OAuth integration yourself.

The whitelabel API serves three primary audiences, each with a different motivation:

Agencies

Manage 200+ client social profiles from a single dashboard. Generate branded connection links so clients never leave your ecosystem. Publish to all 12 platforms on their behalf.

SaaS builders

Add social media scheduling to your product in a weekend. No need to apply for platform developer access, build OAuth flows, or manage token refresh logic. Ship the feature, not the plumbing.

Freelancers

Offer managed social media services under your own brand. Clients connect their accounts through your link, you publish content via the API or dashboard. Professional setup, solo operation.

How the branded connection flow works

The connection flow is how your clients authorize their social accounts without ever seeing CodivUpload. It uses a JWT-based share link that you generate from the dashboard or via the API. Here's the full sequence:

Open the Profiles page

Navigate to Profiles in your CodivUpload dashboard. Find the profile you want to share and click the Share button.

Select platforms

A multi-select dialog appears. Choose which platforms the client should connect — TikTok, Instagram, YouTube, LinkedIn, or any combination of the 9 supported networks.

Configure branding

Enter your logo URL (required), redirect URL (required), and optionally a custom page title, description, and button text. You can also toggle calendar visibility and read-only mode. Every element the client sees is yours — the default title is "Connect Social Media Accounts" and the default button is "Continue", but both are overridable.

Add YouTube BYOP credentials (optional)

If the client is connecting YouTube and you want dedicated API quota, paste your GCP project's Client ID and Client Secret. These credentials are embedded in the JWT — the client's YouTube OAuth will route through your GCP project, and all uploads will count against your private quota instead of CodivUpload's shared pool.

Generate the link

Click Generate Link. CodivUpload creates an HS256-signed JWT URL valid for exactly 48 hours (172,800 seconds). The URL format is https://app.codivupload.com/connect?token=eyJ... — the token encodes your workspace ID, profile ID, branding config, and platform selection. Copy the full URL.

Share with the client

Send the link via email, Slack, your onboarding flow, or embed it programmatically in your product. When the client opens it, they see a fully branded page — your logo at the top, your title, your description, and connect buttons for only the platforms you selected. No CodivUpload branding appears anywhere on the page.

Client connects their accounts

The client clicks each platform's Connect button, completes the OAuth flow (which opens the platform's own authorization screen), and returns to the connection page. Once all platforms are authorized, the client clicks the redirect button and lands on your redirect URL. Their OAuth tokens are encrypted with AES-256-GCM and stored server-side. You can now publish to their accounts via the API.

Every element of the connection page is customizable. Here are the fields you control:

FieldRequiredDescription

Logo URLlogo_image

YesYour company logo displayed on the connection page

Redirect URLredirect_url

YesWhere the client lands after connecting their accounts

Page Titleconnect_title

NoCustom heading (default: "Connect Social Media Accounts")

Descriptionconnect_description

NoCustom description text below the heading

Button Textredirect_button_text

NoLabel on the success/redirect button (default: "Continue")

Platformsplatforms

NoArray of platform slugs to show. Omit for all 12 platforms

Show Calendarshow_calendar

NoDisplay the post scheduler calendar on the connection page

Read-Only Calendarreadonly_calendar

NoRestrict the calendar to view-only mode if displayed

YouTube Client IDyoutube_client_id

NoYour GCP project Client ID for dedicated YouTube quota (BYOP)

YouTube Client Secretyoutube_client_secret

NoYour GCP project Client Secret for dedicated YouTube quota (BYOP)

YouTube BYOP credentials in the share link

When you include youtube_client_id and youtube_client_secret in the JWT generation request, the resulting connection page will use your dedicated GCP project for YouTube OAuth. All uploads from this client's YouTube channel will count against your private API quota instead of the shared pool — critical for agencies managing high-volume YouTube channels with daily uploads.

The whitelabel flow at a glance

Three screens, three perspectives. Here's what each party sees during the connection process — from your dashboard to the client's branded page.

1Your Dashboard

Profile

TechStartup Co

Platforms

TikTok

Instagram

YouTube

Logo URL

https://techstartup.co/logo.png

Generate Link

2Generated Link

JWT Share Link

https://app.codivupload.com /connect?token=eyJhbGciOi JIUzI1NiIsInR5cCI6IkpXVC J9.eyJzdWIiOiJ0ZWNoc3Rh...

Copy to clipboard

Expires48 hours

Platforms3 selected

BrandingCustom

3Client Sees

Connect Your Channels

Link your social accounts

TikTok

Connect

Instagram

YouTube

Connect

Secured by TechStartup Co

Zero CodivUpload branding at every step

The connection page in step 3 is what your client actually sees in their browser. Your logo, your title, your redirect URL. No "Powered by CodivUpload" footer, no CodivUpload favicon, no reference to our infrastructure anywhere in the page source. The JWT token in the URL is opaque to the client — it decodes server-side to identify the profile and workspace, never exposing internal identifiers to the browser.

Publishing on behalf of clients via the API

Once a client has connected their accounts through your branded link, you can publish to their platforms with a single API call. The profile_name field identifies which client profile to publish under. CodivUpload handles token selection, platform-specific formatting, and media delivery for each target network.

Here's a typical publish call. This posts the same video to TikTok, Instagram Reels, and LinkedIn — each platform receives the content in its native format:

POST /v1/posts

{
  "profile_name": "acme-corp-social",
  "platforms": ["tiktok", "instagram", "linkedin"],
  "media_urls": ["https://cdn.acmecorp.com/q3-recap.mp4"],
  "description": "Q3 results: 847K revenue, 23% growth."
}

The API supports 50+ parameters for platform-specific overrides — Instagram alt text, YouTube privacy status, TikTok disclosure settings, LinkedIn article URLs, Pinterest board targeting, and more. Every parameter is documented in the API reference.

You can also generate branded connection links programmatically. This is useful if you're building an onboarding flow in your own product and want to create the link server-side:

POST /v1/agency/profiles/generate-jwt — Request

{
  "username": "client_brand",
  "platforms": ["youtube", "tiktok", "instagram"],
  "logo_image": "https://yourdomain.com/logo.png",
  "redirect_url": "https://yourdomain.com/onboarding/success",
  "connect_title": "Connect Your Channels",
  "connect_description": "Link your social accounts to start publishing.",
  "redirect_button_text": "Back to Dashboard",
  "youtube_client_id": "123456789.apps.googleusercontent.com",
  "youtube_client_secret": "GOCSPX-xxxxxxxxxxxx"
}

The username field identifies which profile to bind the connection to. All fields except username are optional — but logo_image and redirect_url are required for a properly branded experience.

200 OK — Response

{
  "success": true,
  "access_url": "https://app.codivupload.com/connect?token=eyJhbGciOiJI...",
  "expires_in": 172800
}

Response fields explained

access_url

The full signed URL your client opens in their browser. The JWT token is embedded as a query parameter. The URL resolves to a branded connection page showing your logo, your title text, and only the platforms you specified. The client never sees CodivUpload's name anywhere on this page.

expires_in

Time-to-live in seconds — always 172,800 (48 hours). After expiry, the link returns a 401 and the client must request a new one. This prevents stale links from being reused after the intended onboarding window.

success

Boolean confirming the JWT was generated and the profile was validated against your workspace.

Pricing — flat rate, no per-client fees

One of the most common questions about whitelabel APIs is whether there's a per-client or per-connection surcharge. With CodivUpload, there isn't. You pay for a plan, the plan includes a set number of profiles, and whitelabel is bundled in. No separate line item, no usage-based billing surprises.

Pro

$45/mo

25 profiles included. Whitelabel API access, branded connection links, all 12 platforms, 50+ post parameters, scheduling, and media handling. Ideal for freelancers and small agencies getting started.

Business

$140/mo

75 profiles included. Additional profiles at $1.50 each. Everything in Pro plus higher rate limits, priority support, and team member access. Built for mid-size agencies managing a growing client roster.

Enterprise

$400/mo

250 profiles included. Additional profiles at $1 each — scale to unlimited. Dedicated support, custom SLA, MCP (Model Context Protocol) integration for AI-powered publishing workflows, and live streaming capabilities.

What the whitelabel API includes

This isn't a stripped-down "whitelabel tier" with limited functionality. Every whitelabel customer gets the full platform. Here's what that means concretely:

12 platforms

Twitter/X, Instagram, Facebook, YouTube, TikTok, Threads, LinkedIn, Bluesky, Pinterest, Google Business Profile, Snapchat

50+ post parameters

Platform-specific overrides for privacy, visibility, alt text, boards, disclosure, and more

Zero branding

No CodivUpload name, logo, or reference in API responses, connection pages, or client-facing surfaces

Branded connection pages

Your logo, your redirect, your copy — fully customizable per-link

Media handling

Pass any public URL or upload via /v1/upload-media. CDN delivery, format conversion, platform-native encoding

Scheduling

Schedule posts for any future time. Timezone-aware. Supports recurring patterns via the API

MCP support

Model Context Protocol integration for AI agents — publish social content from Claude, GPT, or any MCP-compatible tool

Live streaming

24/7 RTMP streaming to YouTube, Facebook, and Twitch. Binary-grade media handling via dedicated infrastructure

Security

How client tokens and credentials are protected

When a client connects their social accounts through your branded link, their OAuth tokens are encrypted using AES-256-GCM before storage. Each profile's tokens are isolated — a compromise of one profile cannot expose tokens belonging to another. Decryption happens only at the moment of publishing, entirely server-side, and the plaintext never appears in logs, API responses, or admin interfaces.

AES-256-GCM encryption

Industry-standard authenticated encryption for all stored OAuth tokens, API keys, and BYOP credentials

Per-profile token isolation

Each profile's tokens are encrypted with unique parameters — no shared key material between profiles

JWT link expiry

Branded connection links expire after 48 hours. Expired links cannot be used to initiate OAuth flows

Instant revocation

Disconnect any platform or delete a profile — stored tokens are wiped immediately, not soft-deleted

No third-party sharing

Client social media data is never sold, shared, or used for advertising. Token access is strictly operational