Summary and recommendation
Buffer exposes a public REST API (base URL: https://api.bufferapp.com/1) authenticated via OAuth 2.0. The API is read-oriented and scoped to the authenticated token owner - there are no endpoints to list, create, update, or remove team members programmatically. No SCIM endpoint, no webhook mechanism, and no v2 public API have been announced.
Teams requiring automated user lifecycle management should evaluate an MCP server with ~100 deep IT/identity integrations rather than building against Buffer's native API.
API quick reference
| Has user API | Yes |
| Auth method | OAuth 2.0 |
| Base URL | Official docs |
| SCIM available | No |
Authentication
Auth method: OAuth 2.0
Setup steps
- Register an application at https://buffer.com/developers/apps to obtain a client_id and client_secret.
- Redirect the user to https://bufferapp.com/oauth2/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&response_type=code.
- Exchange the returned authorization code for an access token via POST to https://api.bufferapp.com/1/oauth2/token.json with client_id, client_secret, redirect_uri, code, and grant_type=authorization_code.
- Use the returned access_token as a Bearer token or query parameter (access_token) on all subsequent API requests.
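The four steps above as an added example (not Buffer's or this page's own code). It builds the requests without sending them, prefers the Bearer header because tokens in query strings end up in access logs and browser history, and masks credentials before a URL is logged. Form encoding of the token POST, the helper names and `SENSITIVE_PARAMS` are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import Request

AUTHORIZE_URL = "https://bufferapp.com/oauth2/authorize"
API_BASE = "https://api.bufferapp.com/1"
# Query parameters that carry credentials (assumed set for this example).
SENSITIVE_PARAMS = {"access_token", "client_secret", "code"}


def authorize_url(client_id, redirect_uri):
    """Step 2: URL the user's browser is sent to."""
    query = urlencode({"client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "response_type": "code"})
    return f"{AUTHORIZE_URL}?{query}"


def token_request(client_id, client_secret, redirect_uri, code):
    """Step 3: code-for-token exchange. The secret travels in the POST body
    (form encoding is an assumption), never in the URL."""
    body = urlencode({"client_id": client_id,
                      "client_secret": client_secret,
                      "redirect_uri": redirect_uri,
                      "code": code,
                      "grant_type": "authorization_code"}).encode()
    return Request(f"{API_BASE}/oauth2/token.json", data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def api_request(path, access_token):
    """Step 4: send the token as a Bearer header so it stays out of URLs."""
    return Request(f"{API_BASE}/{path}",
                   headers={"Authorization": f"Bearer {access_token}"})


def redact(url):
    """Mask credential-bearing query parameters before a URL is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```

Pass the returned `Request` objects to `urllib.request.urlopen` to perform the calls; run `redact` over any URL that still uses the `access_token` query form before writing it to a log.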
User object / data model
| Field | Type | Description | On create | On update | Notes |
|---|---|---|---|---|---|
| id | string | Unique identifier for the user. | N/A | N/A | Read-only. |
| name | string | Full name of the authenticated user. | N/A | N/A | Read-only via API. |
| email | string | Email address of the authenticated user. | N/A | N/A | Read-only via API. |
| created_at | integer | Unix timestamp of account creation. | N/A | N/A | Read-only. |
| plan | string | Current subscription plan name. | N/A | N/A | Read-only. |
| profiles_count | integer | Number of social profiles connected. | N/A | N/A | Read-only. |
| is_premium | boolean | Whether the user is on a paid plan. | N/A | N/A | Read-only. |
| timezone | string | User's configured timezone. | N/A | N/A | Read-only via API. |
Core endpoints
Get authenticated user
- Method: GET
- URL: https://api.bufferapp.com/1/user.json
- Watch out for: This endpoint returns only the authenticated user (the token owner). There is no endpoint to list or manage other team members via the public API.
Request example
GET /1/user.json?access_token=ACCESS_TOKEN
Response example
{
  "id": "4eb854340acb04e870000010",
  "name": "Jane Doe",
  "email": "jane@example.com",
  "plan": "team",
  "created_at": 1320703028
}
Get user's social profiles
- Method: GET
- URL: https://api.bufferapp.com/1/profiles.json
- Watch out for: Returns profiles accessible to the authenticated user only; does not expose team member profiles.
Request example
GET /1/profiles.json?access_token=ACCESS_TOKEN
Response example
[
  {
    "id": "4eb854340acb04e870000010",
    "service": "twitter",
    "service_username": "janedoe"
  }
]
Rate limits, pagination, and events
Rate limits: Buffer's public API documentation does not publish explicit numeric rate limits. Limits are enforced but thresholds are not publicly documented.
Rate-limit headers: Unknown
Retry-After header: Unknown
Rate-limit notes: No publicly documented rate limit tiers or headers found in official docs as of research date.
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: Buffer's public API documentation does not document any webhook or event subscription mechanism.
Alternative event strategy: Polling the /user.json or /profiles.json endpoints is the only documented approach for detecting state changes.
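One way to turn that polling into change events, as an added example (not Buffer's or this page's own code): it diffs two /profiles.json snapshots and refuses to treat an error payload as a mass removal. The sample bodies, the error shape and the function names are constructed for illustration.

```python
import json


def index_profiles(body):
    """Map profile id -> (service, service_username) from a /profiles.json body."""
    data = json.loads(body)
    if not isinstance(data, list):
        # An error object (for example after token revocation) must not be
        # read as "every profile was removed".
        raise ValueError("unexpected /profiles.json payload; keep last snapshot")
    return {p["id"]: (p.get("service"), p.get("service_username")) for p in data}


def diff_profiles(previous, current):
    """Return sorted (event, profile_id, details) tuples between two polls."""
    events = [("added", pid, current[pid])
              for pid in current.keys() - previous.keys()]
    events += [("removed", pid, previous[pid])
               for pid in previous.keys() - current.keys()]
    events += [("changed", pid, current[pid])
               for pid in previous.keys() & current.keys()
               if previous[pid] != current[pid]]
    return sorted(events)


# Constructed sample polls; only the first id comes from the page's example.
POLL_1 = """[
 {"id": "4eb854340acb04e870000010", "service": "twitter", "service_username": "janedoe"},
 {"id": "constructed-id-0002", "service": "facebook", "service_username": "jane.doe"}
]"""
POLL_2 = """[
 {"id": "4eb854340acb04e870000010", "service": "twitter", "service_username": "janedoe_hq"},
 {"id": "constructed-id-0003", "service": "linkedin", "service_username": "jane-doe"}
]"""
ERROR_BODY = '{"error": "constructed error payload"}'

if __name__ == "__main__":
    for event in diff_profiles(index_profiles(POLL_1), index_profiles(POLL_2)):
        print(event)
```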
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Not documented
- Endpoint: Not documented
Limitations:
- No SCIM support documented in any official Buffer help or developer documentation.
- No SSO or IdP integration (Okta, Entra, Google Workspace, OneLogin) documented.
- Team member management (invite, remove, role changes) is only available through the Buffer web UI, not via API.
Common scenarios
Two operations are reliably supported via the public API: retrieving the authenticated user's profile (GET /1/user.json) and listing their connected social profiles (GET /1/profiles.json). Both endpoints return data scoped strictly to the token owner; team members' profiles and roles are not accessible.
A third common need - onboarding a new team member - has no API equivalent; it requires manual steps in the Buffer web UI and an email-based acceptance flow from the invitee. Rate limits are enforced but thresholds are not publicly documented, and no rate-limit response headers are specified in official documentation.
Retrieve authenticated user profile
- Complete OAuth 2.0 authorization flow to obtain access_token.
- GET https://api.bufferapp.com/1/user.json?access_token=ACCESS_TOKEN
- Parse the returned JSON for id, name, email, plan, and created_at fields.
Watch out for: Only the token owner's profile is returned. No bulk user listing is available.
List connected social profiles for a user
- Obtain access_token via OAuth 2.0.
- GET https://api.bufferapp.com/1/profiles.json?access_token=ACCESS_TOKEN
- Iterate the returned array to get profile IDs, services, and usernames.
Watch out for: Profiles returned are scoped to the authenticated user's token; team members' profiles are not accessible.
Onboard a new team member
- No API endpoint exists for this operation.
- Navigate to the Buffer web app team settings.
- Send an invitation via the UI; the invited user must accept via email.
Watch out for: Team member provisioning and deprovisioning cannot be automated via the Buffer API or SCIM. Manual UI steps are required.
Why building this yourself is a trap
The primary API trap is assuming that OAuth access implies org-level management capability. It does not. The Buffer API was originally built for the legacy single-user product; team and organization management features were never exposed through the public API surface.
There is no SCIM support, no IdP integration (Okta, Entra ID, Google Workspace, OneLogin), and no webhook or event subscription mechanism - polling /user.json is the only documented approach for detecting state changes. No official SDK is published by Buffer; any third-party libraries are community-maintained and carry no official support guarantee.