Threads Setup

Create a Meta app with the Threads use case

1. Go to developers.facebook.com/apps, log in.
2. Click Create App.
3. Under Use cases, pick Access the Threads API. (It's in the list, scroll if needed.)
4. Name the app, add a contact email, create.

You can also add the Threads use case to an existing Meta app. Left sidebar, Use cases, Add use case, Access the Threads API.

Copy the Threads App ID and Threads App Secret

Here's the trap: a Threads use-case app has two App IDs and two App Secrets, one for the parent Meta app, one for Threads specifically. You need the Threads pair, not the parent one.

1. Left sidebar, Use cases, Access the Threads API, Customize.
2. Scroll to Settings, find the Threads App ID and Threads App Secret.
3. Copy both.

If you accidentally use the parent Meta app ID in OAuth calls, you'll get confusing invalid_client errors. Always use the Threads pair.

Add permissions and URLs

Still inside Use cases, Access the Threads API, Customize:

1. Open Permissions, add:
   • threads_basic (required for everything)
   • threads_content_publish (required to post)
   • threads_manage_insights (optional, metrics)
2. Open Settings (within the use case), add:
   • Redirect Callback URL, any HTTPS URL you control (e.g. https://getartdrop.com/).
   • Deauthorize Callback URL, same or different.
   • Data Deletion Request URL, same.

Add yourself as a Threads Tester (skip App Review)

A Threads use-case app starts in Development mode. In dev mode, only the app's own admins and testers can authorize it. That's fine for single-user use, you don't need App Review.

1. Left sidebar, App roles, Roles.
2. Scroll to Threads Testers, click Add Threads Testers.
3. Enter your Threads username, send invite.
4. On threads.net/settings, accept the invite (check the Website permissions or Invites section).

Do NOT flip the app to Live mode. Live mode requires full App Review, which takes 2 to 4 weeks and needs a screencast of the user flow. Totally unnecessary for personal use.

Open the Threads authorize URL in a browser

Build this URL, swap in your THREADS_APP_ID and redirect URL:

https://threads.net/oauth/authorize
    ?client_id={THREADS_APP_ID}
    &redirect_uri={REDIRECT_URL}
    &scope=threads_basic,threads_content_publish,threads_manage_insights
    &response_type=code
    &state=artdrop-setup

Paste it into a browser where you're logged into Threads. Hit Authorize. Threads redirects back to your redirect URL with a ?code=... param in the address bar.

Copy the code value out of the URL. Use it in the next step within a few minutes. Codes expire fast.

Trade the code for a short-lived access token

POST to the token endpoint. Easiest with curl:

curl -X POST https://graph.threads.net/oauth/access_token \
     -F client_id={THREADS_APP_ID} \
     -F client_secret={THREADS_APP_SECRET} \
     -F grant_type=authorization_code \
     -F redirect_uri={REDIRECT_URL} \
     -F code={CODE_FROM_STEP_5}

Response:

{ "access_token": "THAAx...", "user_id": 123456789012345 }

Copy the access_token. That's the short-lived version (~1 hour). Also grab user_id, that's the Threads User ID for ArtDrop.

Exchange the short token for a 60-day token

curl -G https://graph.threads.net/access_token \
     -d grant_type=th_exchange_token \
     -d client_secret={THREADS_APP_SECRET} \
     -d access_token={SHORT_TOKEN_FROM_STEP_6}

Response gives you a new access_token good for 60 days.

ArtDrop auto-refreshes this token before it expires. If ArtDrop is offline or uninstalled past the 60-day mark, the token dies and you'll need to redo from Step 5.

Enter both values in ArtDrop

Back in ArtDrop's Social page, Threads section:

• Threads Access Token: the long-lived token from Step 7.
• User ID: the numeric ID from Step 6.

Hit Save. ArtDrop calls /me?fields=id,username to verify, and you'll see the linked username immediately if it worked.