Praisma Hub LogoPraisma Hub

2.7.1 Social Accounts — Platform Connections

The Social module in Praisma Hub manages platform connections as first‑class, tenant‑scoped resources. Each social account connection represents an authenticated, permission‑bound integration with an external platform (such as Facebook or LinkedIn) and is required before any publishing activity can occur.

Social accounts are never shared across tenants and are always bound to explicit roles and organizations.

Connection Architecture

Each social account connection consists of:

Platform identifier (facebook, instagram, linkedin, x)

External account ID (page, profile, or business ID)

Encrypted access tokens

Granted permission scopes

Connection health metadata

At runtime, publishing services resolve the active connection based on tenant, organization, and selected destination.

// Example: SocialAccount model (simplified) class SocialAccount extends Model { protected $fillable = [ 'tenant_id', 'platform', 'external_account_id', 'scopes', 'token_expires_at', 'metadata' ]; }

OAuth‑Based Authorization

All supported platforms use official OAuth flows. During connection:

The user is redirected to the platform authorization screen

Required scopes are explicitly requested

Tokens are exchanged server‑side

Tokens are encrypted and stored

No credentials or tokens are exposed to the frontend beyond the initial authorization redirect.

Permissions and Governance

Access to social accounts is enforced through:

Tenant isolation

Organization membership

Role‑based permissions (e.g. social.create, social.publish)

// Example permission check if (! $user->can('social.publish')) { abort(403); }

This ensures that users can draft content without necessarily being allowed to publish it.

Connection Health Monitoring

The system continuously evaluates:

Token expiration

Revoked permissions

Platform API errors

Failures generate notifications and prevent silent publishing errors.

Summary

Social accounts in Praisma Hub are secure, auditable, and role‑aware connections that form the foundation of reliable multi‑platform publishing