> ## Documentation Index
> Fetch the complete documentation index at: https://authsome.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Postiz

> Log in to Postiz from authsome via OAuth2. Tokens are stored locally and refreshed automatically.

Postiz is a bundled OAuth2 provider in authsome. Postiz social posting and scheduling APIs.

## At a glance

|                          |                                                  |
| ------------------------ | ------------------------------------------------ |
| Provider name            | `postiz`                                         |
| Display name             | Postiz                                           |
| Auth type                | OAuth2                                           |
| Default flow             | `device_code`, headless                          |
| PKCE supported           | Yes                                              |
| Device code supported    | Yes                                              |
| DCR supported            | No                                               |
| Default scopes           | (none)                                           |
| Proxy host               | `api.postiz.com`                                 |
| Env var (`access_token`) | `POSTIZ_ACCESS_TOKEN`                            |
| Provider docs            | [Link](https://docs.postiz.com/public-api/oauth) |

## Prerequisites

Postiz uses the device authorization grant. No callback URL is registered. You enter a short code on a separate device after running `authsome login`.

## Log in

```bash theme={null}
authsome login postiz
```

Authsome prints a verification URL and a short user code. Open the URL on any device, enter the code, approve the app, and authsome's poll completes.

Verify:

```bash theme={null}
authsome get postiz --field status
# → connected
```

## Multiple accounts

Pass `--connection <name>` on `login` and on every read command to keep two or more accounts on the same provider side by side. See [Multiple connections per provider](/guides/multiple-connections) for the full pattern.

```bash theme={null}
authsome login postiz --connection personal
authsome login postiz --connection work
```

## Use the token

Run the agent under the proxy (recommended).

<CodeGroup>
  ```bash Proxy (recommended) theme={null}
  authsome run -- python my_agent.py
  ```

  ```bash Environment theme={null}
  eval "$(authsome export postiz --format env)"
  ```
</CodeGroup>

Under the proxy, authsome sets `POSTIZ_ACCESS_TOKEN=authsome-proxy-managed` in the child's environment and injects the real token into outbound requests to `api.postiz.com`. The child process never sees the actual value. Refresh tokens are never exported.

## Override the bundled definition

```bash theme={null}
authsome inspect postiz > ~/.authsome/providers/postiz.json
# edit scopes, base_url, or anything else
authsome list   # source now shows "custom" for postiz
```

User-registered files always win over bundled definitions.

## What's next

<Columns cols={2}>
  <Card title="Headless setup" icon="server" href="/guides/headless-device-code">
    Postiz is the only bundled provider that defaults to the device code flow.
  </Card>

  <Card title="Run agents with the proxy" icon="shield-halved" href="/guides/run-agents-with-proxy">
    Inject the access token into outbound requests without exposing it.
  </Card>
</Columns>
