ZetPinDevelopers
ZetPin Developer API · v1

Build on ZetPin — the hyperlocal OAuth 2.0 API

Act on behalf of ZetPin users with a standard OAuth 2.0 + PKCE flow: publish posts to their neighborhood, read their content, and pull engagement analytics. One security model for first-party and third-party apps alike.

Base URLhttps://api.zetpin.com/dev/v1

How it works

Four steps from redirect to published post

A textbook authorization-code flow with PKCE. If you've integrated any OAuth 2.0 provider, this will feel familiar.

Step 1

Send the user to authorize

Redirect to /oauth/authorize with your client_id, scopes and a PKCE challenge. The user signs in and approves on ZetPin.

Step 2

Exchange the code for tokens

ZetPin redirects back with a one-time code. POST it to /oauth/token to receive a zpat_ access token and zprt_ refresh token.

Step 3

Call the API as the user

Use the Bearer access token against /dev/v1 — read their profile, list posts, and pull per-post analytics.

Step 4

Publish hyperlocal posts

POST /dev/v1/posts to publish to the user's neighborhood. You get back a permalink on zetpin.com.

Scopes

Ask for exactly what you need

Request scopes space-separated on authorize. The user sees each one on the consent screen and the granted set comes back on the token.

profile.read

Basic profile: name, photo, karma, neighborhood.

posts.read

List and read the user's own posts.

posts.write

Publish and delete posts on the user's behalf.

analytics.read

Per-post engagement metrics — likes and comments.

Quickstart

Publish your first post in two calls

Swap the authorization code for tokens, then POST a post. You get back a permalink on zetpin.com.

PKCE is mandatory for public clients. Tokens are stored only as sha256 hashes and refresh tokens rotate on every use.
bash
# 1. Exchange the authorization code for tokens
curl -X POST https://api.zetpin.com/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d grant_type=authorization_code \
  -d code=zpac_a1b2c3... \
  -d redirect_uri=https://yourapp.com/callback \
  -d client_id=zp_app_xxx \
  -d code_verifier=<pkce_code_verifier>

# 2. Publish a post on the user's behalf
curl -X POST https://api.zetpin.com/dev/v1/posts \
  -H "Authorization: Bearer zpat_xxx" \
  -H "Content-Type: application/json" \
  -d '{"content":"Fresh sourdough at the Saturday market ☀️","reachKm":3}'

Ready to integrate?

App registration is admin-managed today. Email us to get a client_id and client_secret for your integration — a self-serve developer dashboard is on the roadmap.

Browse the full documentation to see every endpoint, scope, and error code.