Security
Social media security — secure by design.
Social media security at OneBridge Social means OAuth 2.0 with PKCE, AES-256-GCM encrypted tokens at rest, and responsible disclosure for researchers.
Authentication
Sign-in via email OTP or Google. Session tokens are stored client-side and validated by the API.
Platform tokens
Access and refresh tokens for connected networks are encrypted at rest (AES-256-GCM) in your workspace database.
OAuth practices
Where supported, we use OAuth 2.0 with PKCE. Tokens are rotated automatically when platforms allow.
Responsible disclosure
Found a vulnerability? Email support@onebridgesocial.com with details — we take reports seriously.
How we approach social media security
Social media security starts with never asking for platform passwords. OneBridge Social connects accounts through OAuth so you can revoke access anytime from the network’s own settings.
Tokens live in your workspace database encrypted with AES-256-GCM. Only your authenticated session can trigger publishes — we do not share tokens across customers or workspaces.
PKCE protects authorization flows on supported platforms, reducing interception risk on public clients. We rotate refresh tokens when providers allow automatic rotation.
Operational logs for abuse prevention may include IP addresses briefly — see our privacy policy for retention. Researchers should include reproduction steps and impact when reporting issues.