For administrators

Get your API keys

Each integration needs OAuth credentials registered with the provider. Follow the section that matches what you're enabling, then paste the keys in Admin → Settings.

Replace {APP_URL} with http://localhost:3000 for dev or your real domain in production.

Google (YouTube + Login)

Provides: GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRET

Open console →

Step by step

  1. 1Go to Google Cloud Console at console.cloud.google.com and create a new project (top bar → New Project).
  2. 2Open the navigation menu → APIs & Services → Library. Search for 'YouTube Data API v3' and click Enable.
  3. 3APIs & Services → OAuth consent screen. Choose User Type 'External' (unless you have Google Workspace), fill in app name, user support email, and developer contact. Save and continue.
  4. 4On the Scopes step, click 'Add or remove scopes'. Add: '.../auth/youtube.readonly', 'openid', '.../auth/userinfo.email', '.../auth/userinfo.profile'. Continue.
  5. 5Add yourself as a Test User (so you can use the app while it's still in Testing mode).
  6. 6APIs & Services → Credentials → Create Credentials → OAuth client ID. Application type: Web application.
  7. 7Under Authorized redirect URIs, add both URIs from the panel on the right. Replace {APP_URL} with http://localhost:3000 in dev.
  8. 8Click Create. A dialog shows your Client ID and Client secret — copy both.
  9. 9In ViralAudit, open Admin → Settings → Google section, paste the Client ID and Client Secret, save.

Whitelist these redirect URIs

  • {APP_URL}/api/social/youtube/callback
  • {APP_URL}/api/auth/google/callback

Note: While in Testing mode the app only works for accounts you added as Test Users. Click 'Publish App' to open it up — Google may require verification for sensitive scopes.

Step by step

  1. 1Go to developers.facebook.com/apps and click Create App. Choose use case 'Other', then app type 'Business'.
  2. 2Provide an app name and contact email. Create.
  3. 3From the dashboard sidebar, add the Facebook Login product (click Set up next to it).
  4. 4Facebook Login → Settings. In Valid OAuth Redirect URIs, paste {APP_URL}/api/social/meta/callback (replace {APP_URL} with http://localhost:3000 in dev). Save Changes.
  5. 5App settings → Basic. Copy the App ID — that's META_CLIENT_ID. Click Show next to App Secret, paste your password, copy — that's META_CLIENT_SECRET.
  6. 6From the sidebar, App review → Permissions and Features. Request the permissions: pages_show_list, pages_read_engagement, instagram_basic. While in Development mode, app admins/developers/testers can use these without review; for live mode you must submit for App Review.
  7. 7In ViralAudit, open Admin → Settings → Meta section, paste the keys, save.

Whitelist these redirect URIs

  • {APP_URL}/api/social/meta/callback

Note: Instagram requires that the user's IG account be a Business or Creator account AND linked to a Facebook Page they administer. Personal IG accounts cannot be audited via Graph API.

Note: Apps in Development mode work only for users with a role in the app (admin/developer/tester). Add testers in Roles → Roles in the dashboard.

TikTok

Provides: TIKTOK_CLIENT_KEYTIKTOK_CLIENT_SECRET

Open console →

Step by step

  1. 1Go to developers.tiktok.com and log in with a TikTok account.
  2. 2Click Manage apps → Connect an app or Create an app. Provide app name, category, and a description.
  3. 3On the app dashboard, add products: Login Kit and Display API.
  4. 4In Login Kit settings, set the Redirect URI to {APP_URL}/api/social/tiktok/callback (replace {APP_URL} with http://localhost:3000 in dev).
  5. 5Add scopes: user.info.basic and video.list.
  6. 6Submit for review when ready (you can use sandbox/test mode with allowlisted accounts before approval).
  7. 7Copy the Client Key (TIKTOK_CLIENT_KEY) and Client Secret (TIKTOK_CLIENT_SECRET) from the app dashboard.
  8. 8In ViralAudit, open Admin → Settings → TikTok section, paste the keys, save.

Whitelist these redirect URIs

  • {APP_URL}/api/social/tiktok/callback

Note: TikTok requires app review for production traffic; until then only allowlisted test users can authenticate.

Stripe (subscriptions)

Provides: STRIPE_SECRET_KEYSTRIPE_WEBHOOK_SECRETSTRIPE_PRICE_PROSTRIPE_PRICE_AGENCY

Open console →

Step by step

  1. 1Sign up at stripe.com and stay in Test mode (toggle top-right) for development.
  2. 2Developers → API keys → reveal and copy the Secret key (sk_test_...). That's STRIPE_SECRET_KEY.
  3. 3Products → Add product. Create one for 'Pro' priced at $29/month, recurring. Save and copy its price ID (price_...) — that's STRIPE_PRICE_PRO.
  4. 4Repeat for 'Agency' at $99/month — copy its price ID for STRIPE_PRICE_AGENCY.
  5. 5For webhook signing in dev, install the Stripe CLI from stripe.com/docs/stripe-cli and run: stripe listen --forward-to localhost:3000/api/billing/webhook
  6. 6The CLI prints a webhook signing secret (whsec_...). Paste it into STRIPE_WEBHOOK_SECRET.
  7. 7In ViralAudit, open Admin → Settings → Stripe billing section, paste all four values, save.

Note: In production, register a webhook endpoint at Developers → Webhooks pointing at https://yourdomain/api/billing/webhook and use the signing secret it generates instead of the CLI one.

Resend (email)

Provides: RESEND_API_KEYEMAIL_FROM

Open console →

Step by step

  1. 1Sign up at resend.com.
  2. 2API Keys → Create API Key. Give it 'sending access' for the domain (or full access). Copy the key — it starts with re_.
  3. 3For dev, you can leave EMAIL_FROM as 'ViralAudit AI <onboarding@resend.dev>' (Resend's sandbox sender, only delivers to your verified email).
  4. 4For production, add and verify your own domain (Domains → Add Domain → follow DNS instructions), then set EMAIL_FROM to something like 'ViralAudit AI <noreply@yourdomain.com>'.
  5. 5In ViralAudit, open Admin → Settings → Email section, paste the values, save.

reCAPTCHA v3 (signup protection)

Provides: RECAPTCHA_SITE_KEYRECAPTCHA_SECRET_KEY

Open console →

Step by step

  1. 1Go to google.com/recaptcha/admin/create.
  2. 2Label: ViralAudit AI. reCAPTCHA type: v3 (invisible).
  3. 3Domains: add localhost for dev, plus your production domain.
  4. 4Accept the terms and submit. The next page shows your Site Key and Secret Key.
  5. 5In ViralAudit, open Admin → Settings → reCAPTCHA section, paste both keys, save.

Note: When unconfigured the signup form skips captcha entirely — set both keys to enable it.

Got your keys? Paste them in.

Open admin Settings →