Security
Internal authentication system and security practices
Currently, Skool doesn't provide an official API or OAuth authentication system, which means we must use account credentials to establish connections. We understand this isn't ideal, and we've implemented several measures to protect your data.
How We Handle Your Credentials
We do not store your Skool credentials on our servers. Here's exactly what happens:
When you create a session, your credentials are used once by a background process to authenticate with Skool
This process generates an authentication token from Skool's servers
Only this encrypted auth token is stored in our secure, encrypted relational database
Your original credentials are immediately discarded and never saved
Important Security Considerations
Password changes: If you update your Skool password or email, existing tokens become invalid and sessions will stop working
Token expiration: Auth tokens automatically expire after approximately one year
Manual renewal: Since we don't store credentials, you'll need to manually recreate sessions when tokens expire
No automatic refresh: We cannot automatically renew expired sessions for security reasons
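The flow described above (credentials used once, only an encrypted token stored, no automatic refresh after expiry) as an added example; it is not this service's code. The `login` callback is a hypothetical stand-in for the Skool authentication step, and AES-256-GCM, the record layout and all function names are assumptions.

```javascript
// Added illustration, not the service's own code.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// "Approximately one year", per the page; the exact value is an assumption.
const TOKEN_TTL_MS = 365 * 24 * 60 * 60 * 1000;

// Encrypt the auth token with AES-256-GCM (assumed cipher).
// Output layout: 12-byte IV | 16-byte auth tag | ciphertext, base64-encoded.
function sealToken(token, key) {
  const iv = randomBytes(12); // fresh IV for every token
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Decrypt a sealed token; throws if the stored value was modified.
function openToken(sealed, key) {
  const raw = Buffer.from(sealed, 'base64');
  const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return plain.toString('utf8');
}

// The credentials are handed to `login` (hypothetical) exactly once.
// The record returned for storage holds only the sealed token and its expiry,
// so nothing derived from the password ever reaches the database.
async function createSession(credentials, login, key, now = Date.now()) {
  const token = await login(credentials.email, credentials.password);
  return { sealedToken: sealToken(token, key), expiresAt: now + TOKEN_TTL_MS };
}

// There is deliberately no refresh path: without stored credentials an
// expired token can only be replaced by the user creating a new session.
function tokenForRequest(record, key, now = Date.now()) {
  if (now >= record.expiresAt) {
    throw new Error('session expired: recreate the session manually');
  }
  return openToken(record.sealedToken, key);
}
```

The 32-byte `key` would come from a secrets manager or KMS rather than from the same database that holds the sealed tokens.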
Recommended Security Practices
We recommend creating a dedicated Skool account specifically for API access:
Set this account as an admin in your community
Use a unique, strong password that you don't use elsewhere
This isolates API access from your personal account
Makes it easier to manage and revoke access if needed
Our Commitment to Transparency
We acknowledge that credential-based authentication isn't the most secure approach. We're actively exploring better authentication methods and plan to open-source our authentication handling code for complete transparency.