Skip to main content

Overview

This guide explains how to use Snag’s social integration API to let your users connect their social accounts to their Snag profile. After creating a user in Snag (as explained in Managing User Accounts), you can use the social authentication endpoints to connect various social platforms to that user’s profile.
You must first create a user using the Managing User Accounts guide to obtain a userId before connecting social accounts. The userId parameter required for all social account connections comes from the user creation endpoint response.

Supported Social Platforms

Snag supports connecting the following social platforms:
  • Twitter
  • Discord
  • Telegram
  • Epic Games
  • Steam
  • Google
  • Tiktok
  • Email
  • Reddit
  • Phone

Connecting a Social Account

Endpoint

Where {authType} is one of: twitter, discord, telegram, epic, steam , google , Reddit or tiktok.

Query Parameters

Security Note regarding Redirect URIsTo simplify integration, we allow unvalidated redirect URIs when using the API. This means you can set the redirect URL to any destination.Since this endpoint is protected by your API key, only authorized requests can initiate the flow with a custom redirect. However, because the redirect URL can be set to anything, it is your responsibility to ensure that you do not include sensitive data in the URL parameters.

Example Request

Authentication Flow

  1. Call the /api/{authType}/auth endpoint with the required parameters
  2. The API will return a URL that you should redirect your user to
  3. The user will authenticate with the social platform and grant permissions
  4. After successful authentication, the user will be redirected to the URL specified in the redirect parameter
  5. The social account is now connected to the user’s Snag profile

Connecting Email

Use this flow to associate and verify a user’s email with their Snag profile.

Endpoint

Query Parameters

Headers

  • x-api-key: Required.

Flow

1

Initiate email verification

Call the endpoint with emailAddress (and optional redirect). This stores the pending email on the user’s metadata and sends a verification email containing a secure link.
2

User clicks verification link

The email contains a link to GET /api/email/auth/connect?token=.... Snag validates the token and verifies the email.
3

Handle the final redirect

After verification, the user is redirected to your redirect URL (or a default verification page) with a status:
  • status=SUCCESS on success
  • status=EXPIRED if the link expired
  • status=INVALID and error=INVALID_CODE for invalid tokens
Example: https://your-app.com/email-verified?status=SUCCESS

Handling Email Account Conflicts

If the email is already verified for another user on the same website, the user is redirected to your redirect with error=MAXIMUM_ACCOUNT_LINKED. Handle this scenario the same way as described in Handling Social Account Conflicts.

Connecting Phone

Use this flow to associate and verify a user’s phone number with their Snag profile. Phone verification uses Twilio Verify to send an OTP code via SMS.
Phone numbers must be in E.164 format (e.g., +14155552671). This is the international phone number format required by Twilio.

Step 1: Send Verification Code

Endpoint

Headers

  • x-api-key: Required.
  • Content-Type: application/json

Body Parameters

Step 2: Verify OTP Code

Endpoint

Headers

  • x-api-key: Required.
  • Content-Type: application/json

Body Parameters

Flow

1

Send verification code

Call POST /api/phone/auth with the phone number. Snag sends an OTP code to the user via SMS using Twilio Verify.
2

User receives SMS code

The user receives a 6-digit OTP code via SMS on their phone.
3

Verify the code

Call POST /api/phone/auth/connect with the phone number and the OTP code. Snag verifies the code with Twilio and connects the phone number to the user’s profile.

Disconnecting Phone

To disconnect a phone number from a user’s profile:

Handling Phone Account Conflicts

If the phone number is already verified for another user on the same website, the verify endpoint returns error: 'MAXIMUM_ACCOUNT_LINKED' in the response body:
Handle this scenario the same way as described in Handling Social Account Conflicts.

Handling Social Account Conflicts

If the social account is already associated with a different user, the redirect URL will include two query parameters:
  1. error = 'MAXIMUM_ACCOUNT_LINKED' - Indicates that the account is already linked to another user
  2. accountLinkData - A JWT verification token that contains the necessary information to process the account transfer
In this case, you should:
  1. Display a confirmation prompt to the user asking if they want to disconnect the account from the other user and link it to their current profile
  2. If the user confirms, make a POST request to /api/users/verify with the following payload:
This will:
  • Disconnect the social account from the previous user
  • Connect it to the current user’s profile

Google OAuth YouTube Channel Errors

When using Google OAuth, if the user’s YouTube channel does not exist, the API will return an error with error = 'YOUTUBE_CHANNEL_NOT_FOUND'. This typically happens when:
  • The user has never created a YouTube channel
  • The YouTube channel was deleted or suspended
  • The user’s Google account doesn’t have YouTube access
To handle this error, you should:
  1. Display a user-friendly message explaining that a YouTube channel is required
  2. Prompt the user to create a YouTube channel first
  3. Provide instructions on how to create a YouTube channel
  4. Allow the user to retry the Google OAuth flow after creating their channel
YouTube channels are automatically created when users upload their first video or customize their channel. Users can also manually create a channel by visiting youtube.com and following the setup prompts.

Google OAuth Requirements

When using Google OAuth integration, whether with Snag’s default OAuth application or your own custom OAuth application, you need to ensure the following permissions (scopes) are configured:
  • https://www.googleapis.com/auth/youtube.readonly - Required to read YouTube channel information
  • https://www.googleapis.com/auth/userinfo.email - Required to access user email address
  • https://www.googleapis.com/auth/userinfo.profile - Required to access user profile information
Google requires verification of OAuth applications that request sensitive scopes. If you’re using your own custom OAuth application, you must complete the verification process in the Google Cloud Console before the OAuth flow will work properly. This verification process can take several days to complete.Contact the Snag team if you need assistance with the Google OAuth verification process or if you’re experiencing issues with Google authentication.

Example Implementation with Conflict Handling

Example Tiktok Implementation

Example Reddit Implementation

Reddit integration only supports JSON response type. The redirect parameter and responseType=redirect are not supported for Reddit authentication.

Example Implementation

Response Handling

Success Response (200 OK)

The url property contains the authentication URL that you should redirect your user to.

Custom OAuth Applications

Snag allows you to use your own OAuth applications for Twitter, Discord, Epic Games, Google, and Steam integrations. This enables you to maintain your brand identity throughout the authentication flow and have more control over the user experience. To configure your own OAuth credentials, navigate to the Integrations tab in your admin dashboard and enter your client ID and client secret for the desired platform. The changes take effect immediately for all new authentication requests. You will also need to add the following redirect URLs to your OAuth application:
  • https://snag-render.com/api/twitter/auth/callback
  • https://snag-render.com/api/discord/auth/callback
  • https://snag-render.com/api/epic/auth/callback
  • https://snag-render.com/api/steam/auth/callback
  • https://snag-render.com/api/google/auth/callback

Google OAuth Application Setup

When configuring a custom Google OAuth application, ensure your OAuth consent screen includes the following required scopes:
  • https://www.googleapis.com/auth/youtube.readonly
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile
Google requires verification of OAuth applications requesting sensitive scopes. You must complete the verification process in the Google Cloud Console before your custom OAuth application will work. The verification process typically takes several days and may require additional documentation about your application’s use of these scopes.

Troubleshooting

403 Forbidden Response

If you receive a 403 Forbidden response when attempting to connect a social account, check the following:
Ensure you’re including the x-api-key header in your request with a valid API key. The API key must be associated with your Snag account and have the necessary permissions.
Verify that the userId you’re using:
  • Was obtained from the user creation endpoint
  • Uses the userId field from the response, not the id field
  • Is a valid UUID format
  • Belongs to a user that exists in your Snag account
  • Is associated with the same website/account as your API key
Make sure to use userId from the user creation response, not id. Using id instead of userId will result in a 403 Forbidden error.
If you haven’t created the user yet, follow the Managing User Accounts guide first.
Your API key may not have the required permissions to connect social accounts. Contact the Snag team to verify your API key has the necessary scopes enabled.
If you’re using a websiteId parameter, ensure it matches the website associated with your API key and the user’s account. Mismatched website IDs can result in 403 errors.

Next Steps

After connecting social accounts, you can use this information to enhance the user experience in your application and leverage it for loyalty program features.