Home Threads API - How to authenticate, retrieve tokens
Post
Cancel

Threads API - How to authenticate, retrieve tokens

Threads API is now officially available.

The API offers a range of capabilities. Users can now publish posts via the API, fetch their own content, and utilize our reply management features to set reply and quote controls, retrieve replies to their posts, and hide, unhide, or respond to specific replies. Insights are available too; allowing users to view key metrics, including the number of views, likes, replies, reposts, and quotes at both media and account levels, as well as follower count and demographics for their account.

Prerequisites

Create a meta app.

Window shadow Access to Threads API

Once the App is created on the Meta Developer Dashboard, navigate to the Usecases, select the Customize option and give the necessary permissions that you would like to have.

Window shadow Customise Permissions

On the Settings window, give the callback URLs, if you do not have valid oauth redirects, feel free to add:

Window shadow Callback URLs

Click Add or Remove Threads testers and assign a tester, probably yourself, i.e your threads username:

Window shadow Threads Tester

You will now need to navigate to the Threads Account Settings page and accept the test user invitation:

Window shadow Accept Invitation as Tester

Get Tokens

On a web browser, navigate to the following url, ensure you edit the URL to add/remove scopes that you assigned permissions earlier. Refer Scope Details.

https://threads.net/oauth/authorize?client_id=439658312162916&redirect_uri=https://oauth.pstmn.io/v1/callback/&scope=threads_basic,threads_content_publish,threads_read_replies,threads_manage_replies,threads_manage_insights&response_type=code

Once you hit enter, you will need to authenticate as the test user and you will be redirected to the call back url which can be found on the address bar. E.g: https://oauth.pstmn.io/v1/callback/?code=AQBx-hBsH3...#_

Copy the code.

#_ will be appended to the end of the redirect URI, but it is not part of the code itself, so strip it out.

Once you have the code, make a POST to the endpoint with the Threads App ID, Threads App Secret (Can be fetched from the developer dashboard, select the app and App Settings> Basic) and the code you received in the previous step:

1
2
3
4
5
6
7
curl -X POST \
  https://graph.threads.net/oauth/access_token \
  -F client_id=<thread_app_id> \
  -F client_secret=<thread_app_secret> \
  -F grant_type=authorization_code \
  -F redirect_uri=https://oauth.pstmn.io/v1/callback/ \
  -F code=XXXXXXXXXXXXxx255KXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxx4w2Q

It should return the access code. Sample Output:

1
2
{"access_token":"ZXXXXXXXXXXXSSSSSSSSSSSSSSSSSSSSSSDFlVYlZAYjRJSSSSSSSSSSNWc4Si1TD","user_id":4928338}

What you have now is a short-lived access token which is valid for one hour. You can live with it, refresh when expired or exchange it for long-lived tokens which will be active for 60 days at which point would require a refresh.

Here’s how to get long-lived token with your thread app secret and short lived token:

1
2
curl -i -X GET "https://graph.threads.net/access_token?grant_type=th_exchange_token&client_secret=<thread-app-secret>&access_token=<short-lived-token-from-previous-step>"

Sample response:

1
2
3
4
5
6
{
  "access_token": "<LONG_LIVED_USER_ACCESS_TOKEN>",
  "token_type": "bearer",
  "expires_in": 5183944  // 60 days
}

Use the API

The long lived token can be used to get the various details from Threads:

1
2
3
curl -s -X GET \
"https://graph.threads.net/v1.0/me?fields=id,username,threads_profile_picture_url,threads_biography&access_token=$THREADS_ACCESS_TOKEN"

Source: Threads Developer Docs

This post is licensed under CC BY 4.0 by the author.