How to access, create, find and manage my Sprout Social API Token?

The below article shows offers instructions on how to access, create, find and manage your API token/key/code (Application Programming Interface), who can access and generate the API Token/Key/Code, and security best practices when sharing your API code with a third party.

What is an API Token/Code/Key?

An API token is a unique string of letters and numbers that acts like a password for a computer program. It allows different software applications to securely talk to each other and share information without you having to share your actual login details.

For example, when you connect another application to Sprout, an API token is often used to grant that application permission to access specific data or perform certain actions in your Sprout account, ensuring a secure and controlled connection.

How do I create or find my Sprout Social API Token/Code/Key?

To find your token, follow these steps:

1. Navigate to your Account and Settings by clicking on your name in the bottom left corner of the Sprout Social platform.
2. Under Global Features, select API.
3. In the API Token Management section, you can view existing tokens or generate a new one by clicking Generate API Token.

Who can access the API Token/Code/Key?

Access to the Sprout Social API is not available to all users. Here are the requirements:

• Plan Type: Your account must be on an Advanced plan to include API access. If you're unsure about your plan's features, you can check out this article to view which Sprout Social subscription plan you’re currently on.
• User Permissions: To generate and manage API tokens, a user must have the API Permissions entitlement. This permission can be granted by an Account Owner. It's recommended to follow the principle of least privilege, granting API access only to users who require it for their roles.

Will my API Token/Code/Key expire?

While the API Token does not have a fixed expiration period, it's important to treat it as a sensitive piece of credential. For enhanced security, we recommend periodically regenerating API tokens and whenever you suspect a compromise has occurred.

What other best practices should I consider when managing the API Token/Code/Key?

• Secure Storage: Store API tokens securely. Avoid embedding them directly in code or committing them to public code repositories. Use secure server-side storage or a secrets management system.
• Principle of Least Privilege: Ensure the integration only requests the permissions it absolutely needs to function.
• Input Sanitization: Sanitize all data passed to the Sprout Social API to prevent injection attacks.
• HTTPS Enforcement: Always use HTTPS to encrypt data in transit between your application and the Sprout Social API.
• Regular Audits: Regularly review the applications connected to your Sprout account and revoke access for any tools that are no longer in use.
• IP Allowlisting: For an additional layer of security, consider using Sprout's IP allowlisting feature to restrict API access to a specific set of IP addresses.
• Multi-Factor Authentication (MFA): Secure the Sprout accounts of users with API access by enabling MFA.

What tools can I connect with Sprout Social using my API Token/Code/Key?

The Sprout Social API enables connections with a wide array of tools, allowing you to build a more integrated and powerful tech stack. Here are some examples of the types of applications you can connect:

• Business Intelligence (BI) and Data Visualization Tools: Tableau and Salesforce to create custom dashboards and reports.
• CRM and Lead Generation Platforms: Salesforce, HubSpot, to sync customer data and social interactions.
• Help Desk and Customer Support Software: Zendesk, Hubspot, Microsoft Dynamics and Salesforce Service Cloud to create a unified view of customer conversations.
• Workflow and Digital Asset Management (DAM) Tools: Canva, Slack, Dropbox, Google Drive, Adobe Experience Manager, Microsoft Teams, Opal, Slate and Bynder, to automate tasks and streamline content workflows.

FAQs

I need access to my API token/code/key. Where can I find the API token/code/key?

You can find your API token in your Sprout Social account settings. Navigate to Account and settings > Global Features > API.

I do not see the API connections option my settings menu, why is that?

Access to the API is based on your Sprout plan and user permissions. You may not have the necessary plan, or your user role may not have the "API Permissions" entitlement. Please contact your Sprout Social Account Owner to request access.

Do Sprout Social API tokens expire?

While there isn't a defined expiration period for the API tokens, for security purposes, we recommend regenerating them periodically and immediately if you suspect a compromise.

What should I do if my API token is exposed?

If you believe your API token has been exposed or compromised, you should immediately go to the API settings in Sprout and revoke the existing token. Then, generate a new token and update any applications that were using the old one.

What kind of data can I access with the Sprout API?

The Sprout API provides access to your own social profile data, including profile information, post-level data, and analytics. For detailed information on the available data points, please refer to the official Sprout Social API documentation.

Can I use the API to publish content?

Yes, the Sprout API has endpoints that allow you to publish content. Please consult the Developer/API documentation for specific capabilities, requirements and limitations.