PostFast API

Programmatically schedule and publish posts across 11 social platforms, upload media, and read analytics. REST over HTTPS, authenticated with a single workspace API key.

https://api.postfa.st/Auth: pf-api-key

Quickstart: a 200 in under 2 minutes

  1. Generate a workspace API key from Workspace Settings (requires an ADMIN role).
  2. Send it in the pf-api-key header.
  3. Make a cheap read to confirm it works: list your connected accounts.
curl -X GET "https://api.postfa.st/social-media/my-social-accounts" \
  -H "pf-api-key: YOUR_WORKSPACE_API_KEY"
See GET /social-media/my-social-accounts ->

API Endpoints

Social Post Management

GET/social-posts

Query and paginate your social posts with filters. Supports filtering by IDs, platforms, statuses, and date ranges.

POST/social-posts

Creates and schedules one or more social posts (up to 15 per request).

DELETE/social-posts/{id}

Deletes a scheduled or failed social post.

GET/social-posts/analytics

Fetch published posts with their latest performance metrics. Only returns posts that have been successfully published (with a platformPostId).

I. Authentication

Overview

All API requests must be authenticated using an API key specific to your workspace. The API key must be included in the request headers as pf-api-key.

Generating an API Key

Users with an ADMIN role in a workspace can generate an API key from the Workspace Settings page within the PostFast web application. Each API key is uniquely tied to a single workspace and grants access only to the social media accounts connected within that specific workspace. This key is then used for authenticating your REST API requests.

Example Header:

pf-api-key: YOUR_WORKSPACE_API_KEY

Rate Limiting

All API endpoints are subject to both global rate limits and endpoint-specific limits. Rate limits are tracked per API key, meaning each workspace has its own separate rate limit allowances.

The most restrictive limit applies first - if any rate limit is exceeded, the request will be rejected with a 429 status code.

Global Rate Limits (All Endpoints)

  • 60 requests per minute
  • 150 requests per 5 minutes
  • 300 requests per hour
  • 2000 requests per day

Rate Limit Headers

API responses include relevant rate limit headers for active throttlers:

X-RateLimit-Limit-short: 60
X-RateLimit-Remaining-short: 59
X-RateLimit-Reset-short: 60
X-RateLimit-Limit-medium: 150
X-RateLimit-Remaining-medium: 149
X-RateLimit-Reset-medium: 300
Retry-After-long: 2395

Header meanings:

  • X-RateLimit-Limit-[throttler]: Maximum requests allowed
  • X-RateLimit-Remaining-[throttler]: Requests remaining in window
  • X-RateLimit-Reset-[throttler]: Seconds until window resets
  • Retry-After-[throttler]: Seconds to wait before retry (when limited)

Rate Limit Exceeded (429 Response)

When rate limits are exceeded, you'll receive:

{
  "statusCode": 429,
  "message": "ThrottlerException: Too Many Requests"
}

Note: Headers vary by endpoint and show only active throttlers. Different endpoints may display different header combinations based on their specific rate limits.

Error Responses

Common HTTP status codes you might encounter:

  • 400 Bad Request - The request was malformed (e.g., missing required fields, invalid JSON). Check the response body for specific error messages. Also returned when scheduling a post to a social account that is currently DISABLED (revoked/expired token or suspended account) — reconnect it in the PostFast app first.
  • 401 Unauthorized - The API key is missing, invalid, or not authorized for the workspace.
  • 403 Forbidden - The API key is valid, but does not have permissions for the requested action (e.g., trying to access resources of another workspace).
  • 404 Not Found - The requested resource (e.g., a specific social post for deletion) could not be found.
  • 429 Too Many Requests - You have exceeded the rate limit for the endpoint.
  • 500 Internal Server Error - An unexpected error occurred on our server.

III. Typical Workflow: Scheduling Posts with Media

  1. Authentication: Ensure you have a valid pf-api-key for your workspace.
  2. (Optional) Identify Target Account: Call GET /social-media/my-social-accounts to list available social media accounts and retrieve the id of the account you want to post to. Store these IDs as they are generally stable.
  3. Request Signed URLs for Media: If your posts include media:
    • Call POST /file/get-signed-upload-urls with the contentType (e.g., image/png) and count.
    • Receive a response containing an array of { key, signedUrl } objects.
  4. Upload Media to S3: For each media item:
    • Perform an HTTP PUT request to the signedUrl.
    • The request body must be the raw file data.
    • The Content-Type header of this PUT request must match the contentType used in the previous step.
    // Upload file to S3 using the signed URL from previous step  
const fs = require('fs');
const file = fs.readFileSync('/path/to/your/image.png');

const response = await fetch(signedUrl, {
  method: 'PUT',
  body: file,
  headers: {
    'Content-Type': 'image/png' // Must match contentType from step 1
  }
});

if (response.ok) {
  // File uploaded successfully
  // Use the 'key' from step 1 in your social posts
}
  5. Create the Social Posts:
    • Call POST /social-posts.
    • In the request body, include an array of posts in the posts field, each containing content, scheduledAt, and socialMediaId.
    • If media was uploaded, populate the mediaItems array for each post using the key(s) from step 3 (e.g., image/a1b2c3d4-e5f6-7890-1234-567890abcdef.png). Ensure the type field ('IMAGE' or 'VIDEO') matches the key prefix.
    • Optionally include controls for platform-specific settings.
Browse API Guides by PlatformDownload n8n Integration Workflow