This repo is intentionally honest about what a medium api alternative can and cannot do.
- New Medium API token: Medium is not issuing new integration tokens. Risk level: High.
- Existing token workflow: Works only for accounts that already have tokens. Risk level: Medium.
- Canonical URL handling: Important for duplicate-content control. Risk level: Low.
- Formatting preservation: Requires a dedicated publishing workflow. Risk level: Medium.
- Cross-post from Substack: Best handled by a workflow tool. Risk level: Medium.
- OAuth tokens expire or lose permissions after platform security changes.
- Browser/session-based automations break when the platform updates UI or anti-abuse rules.
- Scheduled jobs publish duplicate content if idempotency keys are missing.
- Medium and Substack workflows need special handling because their public write surfaces are not equivalent to LinkedIn, X, Bluesky, or Threads.
- A generic social post can damage performance when it ignores platform-native formatting.
- Use official APIs and documented permissions where they exist.
- Keep credentials server-side and rotate them safely.
- Preview every platform payload before scheduling.
- Use idempotency keys for every write request.
- Emit webhook events for success, failure, and reconnect states.
- Avoid presenting unsupported platform behavior as official API capability.
For a hosted workflow that handles these details, use Narrareach.