Threads Setup
Get a long-lived Threads access token and your Threads User ID. This one lives on Meta's developer platform (same as Facebook and Instagram) but has its own App ID and App Secret, separate from the main Meta app. Don't mix them up.
social_threads_token, a long-lived access token (60-day lifetime, refreshable)social_threads_user_id, a numeric User ID
- You have a Threads account (personal is fine, Threads doesn't distinguish Business).
- Your Threads account and your Meta developer account are the same identity.
- You've got somewhere to host a privacy policy URL and a redirect URL. Both must be HTTPS. Any URL on getartdrop.com works for personal use.
-
1Meta for Developers
Create a Meta app with the Threads use case
- Go to developers.facebook.com/apps, log in.
- Click Create App.
- Under Use cases, pick Access the Threads API. (It's in the list, scroll if needed.)
- Name the app, add a contact email, create.
You can also add the Threads use case to an existing Meta app. Left sidebar, Use cases, Add use case, Access the Threads API.
-
2Threads app credentials
Copy the Threads App ID and Threads App Secret
Here's the trap: a Threads use-case app has two App IDs and two App Secrets, one for the parent Meta app, one for Threads specifically. You need the Threads pair, not the parent one.
- Left sidebar, Use cases, Access the Threads API, Customize.
- Scroll to Settings, find the Threads App ID and Threads App Secret.
- Copy both.
If you accidentally use the parent Meta app ID in OAuth calls, you'll get confusing
invalid_clienterrors. Always use the Threads pair. -
3Threads use case config
Add permissions and URLs
Still inside Use cases, Access the Threads API, Customize:
- Open Permissions, add:
threads_basic(required for everything)threads_content_publish(required to post)threads_manage_insights(optional, metrics)
- Open Settings (within the use case), add:
- Redirect Callback URL, any HTTPS URL you control (e.g.
https://getartdrop.com/). - Deauthorize Callback URL, same or different.
- Data Deletion Request URL, same.
- Redirect Callback URL, any HTTPS URL you control (e.g.
- Open Permissions, add:
-
4App Review
Add yourself as a Threads Tester (skip App Review)
A Threads use-case app starts in Development mode. In dev mode, only the app's own admins and testers can authorize it. That's fine for single-user use, you don't need App Review.
- Left sidebar, App roles, Roles.
- Scroll to Threads Testers, click Add Threads Testers.
- Enter your Threads username, send invite.
- On threads.net/settings, accept the invite (check the Website permissions or Invites section).
Do NOT flip the app to Live mode. Live mode requires full App Review, which takes 2 to 4 weeks and needs a screencast of the user flow. Totally unnecessary for personal use.
-
5OAuth authorize
Open the Threads authorize URL in a browser
Build this URL, swap in your
THREADS_APP_IDand redirect URL:https://threads.net/oauth/authorize ?client_id={THREADS_APP_ID} &redirect_uri={REDIRECT_URL} &scope=threads_basic,threads_content_publish,threads_manage_insights &response_type=code &state=artdrop-setupPaste it into a browser where you're logged into Threads. Hit Authorize. Threads redirects back to your redirect URL with a
?code=...param in the address bar.Copy the
codevalue out of the URL. Use it in the next step within a few minutes. Codes expire fast. -
6Exchange code for short token
Trade the code for a short-lived access token
POST to the token endpoint. Easiest with curl:
curl -X POST https://graph.threads.net/oauth/access_token \ -F client_id={THREADS_APP_ID} \ -F client_secret={THREADS_APP_SECRET} \ -F grant_type=authorization_code \ -F redirect_uri={REDIRECT_URL} \ -F code={CODE_FROM_STEP_5}Response:
{ "access_token": "THAAx...", "user_id": 123456789012345 }Copy the
access_token. That's the short-lived version (~1 hour). Also grabuser_id, that's the Threads User ID for ArtDrop. -
7Long-lived token
Exchange the short token for a 60-day token
curl -G https://graph.threads.net/access_token \ -d grant_type=th_exchange_token \ -d client_secret={THREADS_APP_SECRET} \ -d access_token={SHORT_TOKEN_FROM_STEP_6}Response gives you a new
access_tokengood for 60 days.ArtDrop auto-refreshes this token before it expires. If ArtDrop is offline or uninstalled past the 60-day mark, the token dies and you'll need to redo from Step 5.
-
8Paste and save
Enter both values in ArtDrop
Back in ArtDrop's Social page, Threads section:
- Threads Access Token: the long-lived token from Step 7.
- User ID: the numeric ID from Step 6.
Hit Save. ArtDrop calls
/me?fields=id,usernameto verify, and you'll see the linked username immediately if it worked.
- Wrong App ID: the #1 cause of OAuth failures. Use the Threads App ID, not the parent Meta app ID. They're listed on different screens.
- "Invalid redirect URI": the redirect URL in the OAuth call must match exactly what's in the app config (trailing slash, scheme, port, everything).
- Code already used: authorization codes are single-use. If Step 6 fails, go back to Step 5 and get a fresh code.
- Long-lived token dies at 60 days if never refreshed. ArtDrop auto-refreshes when you're within 7 days of expiry, but the tool has to be running.
- Personal only: you can only authorize for accounts that OAuth into your app. You can't manage other people's Threads accounts without them going through this flow themselves.
- Rate limits: 250 published posts per 24 hours, per account. ArtDrop stays well under, but backfilling 500 posts in one go will stall.
- Posting is two-step under the hood: create container, then publish. ArtDrop handles this for you, you only supply the creds here.
Threads OAuth is the most finicky of all five because of the two-App-ID quirk. If Step 6 is returning invalid_client or invalid_grant, screenshot the Meta app's Use cases, Access the Threads API, Customize, Settings screen and email support@getartdrop.com. We'll verify you're using the right IDs.
Official reference: Threads Get Started, Long-Lived Tokens.