Posta API and Webhooks
Posta exposes a REST API for creating, scheduling, and publishing social media posts across LinkedIn, TikTok, Instagram, YouTube, Pinterest, Facebook, X (Twitter), Bluesky, and Threads. Bearer-token auth, full OpenAPI 3.0 spec, outbound HMAC-signed webhooks — available on every paid tier, no enterprise contract required.
Authentication
Generate an API token in Settings → API Tokens. Tokens are prefixed with posta_ and can be revoked at any time. Send the token on every request as a Bearer header:
Authorization: Bearer posta_xxxxxxxxxxxxxxxx
Tokens are bound to your user account and inherit your plan's rate limits and feature access. Treat them like passwords: never commit one to a public repository.
Top endpoints
These five endpoints cover the most common automation flows. The full surface (analytics, social accounts, media uploads, OAuth state, etc.) is documented in the Swagger UI.
/v1/posts
Create a post (draft)
curl -X POST https://api.getposta.app/v1/posts \
-H "Authorization: Bearer posta_..." \
-H "Content-Type: application/json" \
-d '{
"caption": "Shipping today!",
"socialAccountIds": [42, 99],
"mediaIds": ["b3c5..."]
}'
/v1/posts/:id/schedule
Schedule a draft for a future time
curl -X POST https://api.getposta.app/v1/posts/POST_ID/schedule \
-H "Authorization: Bearer posta_..." \
-H "Content-Type: application/json" \
-d '{ "scheduledAt": "2026-06-01T09:00:00Z" }'
/v1/posts/:id/publish
Publish a draft immediately
curl -X POST https://api.getposta.app/v1/posts/POST_ID/publish \
-H "Authorization: Bearer posta_..."
/v1/posts/:id/comments
List cached comments on a post (LinkedIn, TikTok)
curl https://api.getposta.app/v1/posts/POST_ID/comments \
-H "Authorization: Bearer posta_..."
/v1/webhook-endpoints
Register an outbound webhook URL
curl -X POST https://api.getposta.app/v1/webhook-endpoints \
-H "Authorization: Bearer posta_..." \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-app.example.com/posta-webhook",
"events": ["post.published", "post.failed"]
}'
Outbound webhooks
Register a webhook endpoint to receive HMAC-signed event callbacks when posts move through their lifecycle. Posta retries failed deliveries up to 5 times with exponential backoff (30s, 60s, 120s, 240s, 480s).
Event types:
post.scheduled: A post was scheduled for a future time.
post.processing: The publisher worker picked up a scheduled post.
post.published: A post completed successfully across all platforms.
post.partially_published: A post succeeded on some platforms and failed on others.
post.failed: A post failed on every platform.
post.result.success: One per-platform result completed successfully.
post.result.failed: One per-platform result failed.
Example webhook payload:
POST https://your-app.example.com/posta-webhook
Content-Type: application/json
User-Agent: Posta-Webhooks/1.0
X-Posta-Event: post.result.success
X-Posta-Delivery: 9f1a2b...
X-Posta-Timestamp: 2026-05-27T10:00:00Z
X-Posta-Signature: <HMAC SHA-256 of "timestamp.body" (hex)>

{
  "post": { "id": "7a8b..." },
  "result": {
    "platform": "linkedin",
    "status": "success",
    "platform_post_id": "urn:li:share:71...",
    "platform_post_url": "https://www.linkedin.com/feed/update/...",
    "published_at": "2026-05-27T10:00:00Z"
  }
}
Verify the signature by computing HMAC-SHA256(secret, timestamp + "." + body) as a hex digest and comparing it to the X-Posta-Signature header. The timestamp is the value of the X-Posta-Timestamp header (an ISO 8601 datetime string) and body is the raw, byte-for-byte request body; don't re-serialize the JSON before hashing. Reject deliveries whose timestamp is older than your tolerance window (we recommend 5 minutes).
OpenAPI specification
The full machine-readable OpenAPI 3.0 spec lives at https://getposta.app/openapi.yaml (mirror) and https://api.getposta.app/docs/openapi.yaml (canonical). Feed it into openapi-generator, Postman, Insomnia, or any tool that consumes OpenAPI to scaffold a client in your language of choice.
Browse the interactive documentation at api.getposta.app/docs — every endpoint has request/response schemas, examples, and an in-browser "Try it out" form.
Rate limits
Auth endpoints: 5 requests per minute per IP. General endpoints: 100 requests per minute per API token. Exceeding either returns 429 Too Many Requests with a Retry-After header. We'll raise per-token limits on request if you have a legitimate volume need.
API FAQ
Is the Posta API free?
The API is available on every paid Posta tier. Trial accounts can use it with the same limits as the trial. There is no separate enterprise contract required to access the REST API or webhooks.
How do I authenticate to the Posta API?
Generate an API token in Settings → API Tokens. Send it as Authorization: Bearer <token> on every request. Tokens are prefixed with posta_ and can be revoked at any time from the dashboard.
Where can I find the OpenAPI spec?
The machine-readable OpenAPI 3.0 specification lives at https://getposta.app/openapi.yaml. The same spec is also served at https://api.getposta.app/docs/openapi.yaml and powers the interactive Swagger UI at https://api.getposta.app/docs.
How are webhooks signed?
Posta sends an X-Posta-Signature header computed as HMAC SHA-256 over the string "<X-Posta-Timestamp>.<raw request body>" — timestamp and body joined by a literal dot. Compare the header against your own HMAC of that string to verify authenticity. The X-Posta-Timestamp value is an ISO 8601 datetime string. Reject deliveries whose timestamp is older than your chosen replay-protection window.
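A receiver-side check for the scheme described in this answer and in the Outbound webhooks section, as an added example (not Posta's own code). The function names, the lowercase-keyed header dict, the case-insensitive hex comparison, the rejection of far-future timestamps, and the sample secret and body are assumptions made for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

TOLERANCE = timedelta(minutes=5)  # replay window the page recommends


def expected_signature(secret: bytes, timestamp: str, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the bytes: timestamp + "." + raw body."""
    signed = timestamp.encode("utf-8") + b"." + raw_body
    return hmac.new(secret, signed, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, headers: dict, raw_body: bytes, now=None):
    """Return (ok, reason). `headers` is assumed to have lowercase keys."""
    timestamp = headers.get("x-posta-timestamp", "")
    # Hex case is not specified on the page, so compare case-insensitively.
    signature = headers.get("x-posta-signature", "").strip().lower()
    if not timestamp or not signature:
        return False, "missing header"
    # Authenticate first: the timestamp is only trustworthy once the MAC
    # that covers it has been checked, using a constant-time comparison.
    want = expected_signature(secret, timestamp, raw_body)
    if not hmac.compare_digest(want.encode(), signature.encode()):
        return False, "bad signature"
    try:
        sent = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
    except ValueError:
        return False, "bad timestamp"
    if sent.tzinfo is None:
        return False, "bad timestamp"
    now = now or datetime.now(timezone.utc)
    # abs() also rejects timestamps far in the future (a choice made here).
    if abs(now - sent) > TOLERANCE:
        return False, "stale timestamp"
    return True, "ok"


# Constructed sample delivery: the secret, body and signature are made up.
SECRET = b"constructed-test-secret"
RAW_BODY = b'{"post": {"id": "7a8b"}, "result": {"platform": "linkedin"}}'
HEADERS = {"x-posta-timestamp": "2026-05-27T10:00:00Z"}
HEADERS["x-posta-signature"] = expected_signature(
    SECRET, HEADERS["x-posta-timestamp"], RAW_BODY)
# Parsing and re-dumping changes the bytes, so the MAC no longer matches.
RESERIALIZED = json.dumps(json.loads(RAW_BODY), separators=(",", ":")).encode()
```

In a web framework, pass the request body exactly as received (before any JSON parsing middleware touches it) as raw_body.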
What webhook events does Posta send?
post.scheduled, post.processing, post.published, post.partially_published, post.failed, post.result.success, post.result.failed. Each fires on the lifecycle transition that gives it its name. Per-result events fire once per connected network, so a 3-platform post that succeeds on 2 and fails on 1 sends post.result.success twice and post.result.failed once.
How are webhook retries handled?
Failed deliveries are retried up to 5 times with exponential backoff (30s, 60s, 120s, 240s, 480s). Responses outside the 2xx range count as failures. Each delivery attempt is logged in the dashboard with response status, response body (truncated to 4 KB), and elapsed time.
Are there rate limits?
Yes. Auth endpoints are limited to 5 requests / minute per IP; general API endpoints are 100 requests / minute per token. Hitting a limit returns 429 with a Retry-After header.
Are there official SDKs?
Not yet. Both the OpenAPI spec and the REST surface are stable enough that openapi-generator produces a usable client in any language. We plan to publish official JS and Python SDKs; until then, the spec is the source of truth.
Start building with the Posta API
14-day free trial, no credit card. Bearer-token API, full OpenAPI spec, and HMAC-signed webhooks on every paid tier.