Build on ZetPin — the hyperlocal OAuth 2.0 API
Act on behalf of ZetPin users with a standard OAuth 2.0 + PKCE flow: publish posts to their neighborhood, read their content, and pull engagement analytics. One security model for first-party and third-party apps alike.
Base URLhttps://api.zetpin.com/dev/v1
Four steps from redirect to published post
A textbook authorization-code flow with PKCE. If you've integrated any OAuth 2.0 provider, this will feel familiar.
Send the user to authorize
Redirect to /oauth/authorize with your client_id, scopes and a PKCE challenge. The user signs in and approves on ZetPin.
Exchange the code for tokens
ZetPin redirects back with a one-time code. POST it to /oauth/token to receive a zpat_ access token and zprt_ refresh token.
Call the API as the user
Use the Bearer access token against /dev/v1 — read their profile, list posts, and pull per-post analytics.
Publish hyperlocal posts
POST /dev/v1/posts to publish to the user's neighborhood. You get back a permalink on zetpin.com.
Ask for exactly what you need
Request scopes space-separated on authorize. The user sees each one on the consent screen and the granted set comes back on the token.
profile.readBasic profile: name, photo, karma, neighborhood.
posts.readList and read the user's own posts.
posts.writePublish and delete posts on the user's behalf.
analytics.readPer-post engagement metrics — likes and comments.
Publish your first post in two calls
Swap the authorization code for tokens, then POST a post. You get back a permalink on zetpin.com.
# 1. Exchange the authorization code for tokens
curl -X POST https://api.zetpin.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d grant_type=authorization_code \
-d code=zpac_a1b2c3... \
-d redirect_uri=https://yourapp.com/callback \
-d client_id=zp_app_xxx \
-d code_verifier=<pkce_code_verifier>
# 2. Publish a post on the user's behalf
curl -X POST https://api.zetpin.com/dev/v1/posts \
-H "Authorization: Bearer zpat_xxx" \
-H "Content-Type: application/json" \
-d '{"content":"Fresh sourdough at the Saturday market ☀️","reachKm":3}'Ready to integrate?
App registration is admin-managed today. Email us to get a client_id and client_secret for your integration — a self-serve developer dashboard is on the roadmap.
Browse the full documentation to see every endpoint, scope, and error code.