Store your own client_id and client_secret for a platform. The secret is
encrypted at rest. To use the Connect flow, also set allowed_return_urls, the
list of URLs the flow is permitted to redirect your users back to.
POST
/v1/oauth-appsAPI key (dra_…) or dashboard JWT
Create a BYOK OAuth app config (your client_id/client_secret). The secret is encrypted and never returned.
Body & query parameters
platformstringrequiredinstagram | facebook | x | linkedin | tiktok.
namestringrequired1 to 120 chars.
client_idstringrequiredYour app's client id / client key.
client_secretstringrequiredYour app's client secret (stored encrypted).
allowed_return_urlsstring[]Allowlist (up to 20) of URLs the Connect flow may redirect users back to. Matched by origin + path prefix.
const response = await fetch("https://api.dravo.dev/v1/oauth-apps", { method: "POST", headers: { "Authorization": "Bearer " + process.env.DRAVO_API_KEY, "Content-Type": "application/json",}, body: JSON.stringify({ "platform": "x", "name": "My X App", "client_id": "…", "client_secret": "…", "allowed_return_urls": [ "https://app.acme.com/connect" ]})});const data = await response.json();console.log(data);{ "id": "oa_1", "platform": "x", "redirect_uri": "https://api.dravo.dev/v1/oauth/x/callback", "scopes": [ "tweet.write", "tweet.read", "users.read", "offline.access", "media.write" ], "allowed_return_urls": [ "https://app.acme.com/connect" ]}