SF SignalForge Unified social publishing

Authentication

API keys for projects, sessions for operators.

SignalForge separates human workspace access from machine traffic so API usage, provider operations, and team permissions stay scoped correctly.

Operator sessions

Workspace operators sign in with email and password. Auth sessions are persisted server-side, and protected console routes use a one-time handoff flow instead of leaking tokens into URLs.

Project API keys

Project API keys are used for content intake and project-specific automation. They should be treated like environment secrets and rotated when operational ownership changes.

Authorization model

  • Organizations own membership, invites, plan state, and usage ceilings.
  • Projects own API keys, social accounts, media, content items, and social posts.
  • Owner and admin memberships can change onboarding, billing metadata, and team configuration.