Connecting platforms
Every integration uses the platform's native auth. We never see your password, and every token is encrypted per-org with Fernet + HKDF.
How connections work
Head to /connections and click any logo. You get redirected to the platform, approve MarquIQ, and come back with a connection. For platforms without OAuth (app passwords, API keys, session tokens) you paste the token in a secure field that never hits our logs.
Platform matrix
| Platform | Auth | Status |
|---|---|---|
| X (Twitter) | OAuth 2.0 PKCE | Live |
| | OAuth 2.0 | Live |
| | OAuth 2.0 | Live |
| Bluesky | App password | Live |
| Mastodon | OAuth 2.0 | Live |
| Dev.to | API key | Live |
| Hashnode | API key | Live |
| Indie Hackers | Session token | Live |
| Hacker News | Session token | Live |
| Threads | OAuth 2.0 | Beta |
| Facebook Page | OAuth 2.0 | Beta |
| Instagram Business | OAuth 2.0 | Beta |
| TikTok | OAuth 2.0 | Beta |
| YouTube | OAuth 2.0 | Beta |
| | OAuth 2.0 | Beta |
| Discord | Webhook / bot token | Beta |
| Slack | OAuth 2.0 | Beta |
| Telegram | Bot token | Beta |
| Medium | Integration token | Beta |
| WordPress | Application password | Beta |
| Farcaster | Signer + FID | Coming soon |
| Nostr | nsec key | Coming soon |
| Lemmy | API + JWT | Coming soon |
| Google My Business | OAuth 2.0 | Coming soon |
| Kick | OAuth 2.0 | Coming soon |
| Twitch | OAuth 2.0 | Coming soon |
Credential storage
Tokens are encrypted at rest with a per-org data encryption key (DEK) derived via HKDF from a master key-encryption key (KEK). The master KEK lives in environment config only — it is never written to disk or the database.
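The derivation described above, shown as an added example with the Python `cryptography` package; it is not MarquIQ's own code. The `MASTER_KEK` variable name, the `org-dek:` info label, and the org IDs are assumptions made for illustration.

```python
import base64
import os

from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF


def load_master_kek(env_var: str = "MASTER_KEK") -> bytes:
    """Read the base64url-encoded KEK from the environment (variable name assumed)."""
    kek = base64.urlsafe_b64decode(os.environ[env_var])
    if len(kek) < 32:
        raise ValueError("master KEK must be at least 32 bytes")
    return kek


def org_fernet(master_kek: bytes, org_id: str) -> Fernet:
    """Derive the org's DEK with HKDF-SHA256 and load it as a Fernet key."""
    hkdf = HKDF(
        algorithm=hashes.SHA256(),
        length=32,  # Fernet key: 16-byte signing key + 16-byte encryption key
        salt=None,
        info=b"org-dek:" + org_id.encode(),  # binds the DEK to one org (label assumed)
    )
    return Fernet(base64.urlsafe_b64encode(hkdf.derive(master_kek)))


def encrypt_token(master_kek: bytes, org_id: str, token: str) -> bytes:
    return org_fernet(master_kek, org_id).encrypt(token.encode())


def decrypt_token(master_kek: bytes, org_id: str, blob: bytes) -> str:
    return org_fernet(master_kek, org_id).decrypt(blob).decode()


def cross_org_decrypt_fails(master_kek: bytes, blob: bytes, other_org: str) -> bool:
    """True when another org's derived DEK rejects the ciphertext."""
    try:
        decrypt_token(master_kek, other_org, blob)
    except InvalidToken:
        return True
    return False


if __name__ == "__main__":
    kek = bytes(range(32))  # constructed demo key, never use a fixed KEK
    blob = encrypt_token(kek, "org_a", "constructed-app-password")
    print(decrypt_token(kek, "org_a", blob), cross_org_decrypt_fails(kek, blob, "org_b"))
```

Only the ciphertext is stored; the DEK is re-derived from the KEK and org ID on each use, so no per-org key material needs to be persisted.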
Security
Reddit is special
Reddit tasks are forced to full-review mode regardless of your org setting. Reddit punishes shallow AI replies hard — lost karma, banned accounts, banned subs. Every Reddit draft shows the parent thread so you can verify the reply is genuinely useful before it goes out.