Threads · Capability

Threads API — Authorization

Threads API — Authorization. 2 operations. Lead operation: Get Long-Lived Access Token. Self-contained Naftiko capability covering one Threads Api business surface.

Run with Naftiko Threads ApiAuthorization

What You Can Do

GET
Get — Get Long-Lived Access Token
/v1/access-token
POST
Post — Exchange the Code For a Token
/v1/oauth/access-token

MCP Tools

get-long-lived-access-token

Get Long-Lived Access Token

read-only idempotent
exchange-code-token

Exchange the Code For a Token

Capability Spec

threads-authorization.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Threads API — Authorization
  description: 'Threads API — Authorization. 2 operations. Lead operation: Get Long-Lived Access Token. Self-contained Naftiko
    capability covering one Threads Api business surface.'
  tags:
  - Threads Api
  - Authorization
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    THREADS_API_API_KEY: THREADS_API_API_KEY
capability:
  consumes:
  - type: http
    namespace: threads-authorization
    baseUri: http://{{api_host}}
    description: Threads API — Authorization business capability. Self-contained, no shared references.
    resources:
    - name: access_token
      path: /access_token
      operations:
      - name: get
        method: GET
        description: Get Long-Lived Access Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: grant_type
          in: query
          type: string
        - name: client_secret
          in: query
          type: string
    - name: oauth-access_token
      path: /oauth/access_token
      operations:
      - name: post
        method: POST
        description: Exchange the Code For a Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: client_id
          in: query
          type: string
          description: 'Your Threads App ID displayed in App Dashboard > App settings > Basic > Threads App ID. Example: 990602627938098.'
        - name: client_secret
          in: query
          type: string
          description: 'Your Threads App Secret displayed in App Dashboard > App settings > Basic > Threads App secret. Example:
            a1b2C3D4.'
        - name: code
          in: query
          type: string
          description: Authorization Code
        - name: grant_type
          in: query
          type: string
          description: This value is required
        - name: redirect_uri
          in: query
          type: string
          description: The redirect URI you passed when you directed the user to the Authorization Window. This must be the
            same URI or the request will be rejected.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
  exposes:
  - type: rest
    namespace: threads-authorization-rest
    port: 8080
    description: REST adapter for Threads API — Authorization. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/access-token
      name: access-token
      description: REST surface for access_token.
      operations:
      - method: GET
        name: get
        description: Get Long-Lived Access Token
        call: threads-authorization.get
        with:
          grant_type: rest.grant_type
          client_secret: rest.client_secret
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/oauth/access-token
      name: oauth-access-token
      description: REST surface for oauth-access_token.
      operations:
      - method: POST
        name: post
        description: Exchange the Code For a Token
        call: threads-authorization.post
        with:
          client_id: rest.client_id
          client_secret: rest.client_secret
          code: rest.code
          grant_type: rest.grant_type
          redirect_uri: rest.redirect_uri
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: threads-authorization-mcp
    port: 9090
    transport: http
    description: MCP adapter for Threads API — Authorization. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: get-long-lived-access-token
      description: Get Long-Lived Access Token
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: threads-authorization.get
      with:
        grant_type: tools.grant_type
        client_secret: tools.client_secret
      outputParameters:
      - type: object
        mapping: $.
    - name: exchange-code-token
      description: Exchange the Code For a Token
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: threads-authorization.post
      with:
        client_id: tools.client_id
        client_secret: tools.client_secret
        code: tools.code
        grant_type: tools.grant_type
        redirect_uri: tools.redirect_uri
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.