Connecting and Tokens are a concept used by networks to manage pages and accounts, and are generated when a user - you for example - authorises the scrmhub platform to access something (connect).
scrmhub uses the services that each network provides to make this connection which us ultimately authorised on their side. This document does not cover that flow, but there are lots of documents online discussing it.
We also have a post, "Keep it real, Don't fake it" which discusses managing access to pages and accounts.
This is a question we get asked quite often, and the simplest answer is they are like a pre-paid phone.
Networks don't just give out content, they give you tokens that you access their services with, and have an amount of credits that you can use to access the service. Every type of token outlined below has an amount of credits assigned, and the limits aren't vary according to what they are designed to do.
For this reason, we use your tokens to collect data on your pages and your competitors as our own application is not given enough to consume your data as well.
When a token is generated there are several types that are created and serve different functions according to the platform:
- User Tokens - This is a token to act on your behalf. They allow scrmhub to renew tokens and ensure that your account details are up to date. On some platforms, such as Twitter, this token is the only one available. The value of this is designed for user interaction which is generally quite small for the reason that there's only so much a user can do. It is not good for collecting page statistics as it's limits are too small.
- Page Tokens - This is currently Facebook specific and is a token that only has access to a page. It enables reading of content and publishing posts for and as that page. The value of this token is based on how engaged your page is and is ideal for collecting statistics, posting content and managing adverts. The more people who access your page, the more value your token is given as you have more data to collect.
Also, we store the tokens using heavy encryption so that in the event of a breach, the tokens are still safe, and we will never, ever share them with anyone.
What are the tokens used for
- Collecting statistics about a location - e.g. number of fans
- Collecting statistics about content - e.g. How many likes or comments a post got
- Publishing content - e.g. Posting content to Twitter or Facebook
- Publishing activations (if the platform supports it - currently only Facebook)
- Validating a user (used when setting up an account)
- Getting lists of pages user can access (this is useful to show a user what they can manage)
What are they not used for?
Doing things without your permission! We mean that. We don't do anything you haven't asked us to do. We mean that. We will never touch your account without your approval, nor post content.
Additionally, our accounts are setup with each network in a way that restricts all access to just our infrastructure so even if someone compromised a token, they would be useless outside of our platform
What are the issues that can occur?
Tokens are designed with security at their core, which means there are a lot of cases where a token will no longer work:
- Expires - This is common. They by design have a short lifespan of a few days to a few months. When a token is near expiring, we will contact you to let you know so you can re-connect before that happens. this way your scrmhub experience will be uninterrupted.
- User changes password - Tokens are linked to accounts and if a critical piece of security for that account changes - such as a password - the network will make any generated token invalid.
- User losses permission on the location - When a user leaves a business or stops working on an account, clients will usually remove that user's access to the page. If this happens, anything that uses that user's token will become invalid.
- Platform triggers a blanket reset - This sounds odd, but sometimes the networks roll out security updates that invalidate all tokens that have been collected. It is beyond our control and we will notify you when it happens.