Skip to main content
Hayon supports six platform targets: Bluesky, Tumblr, Facebook, Instagram (via Facebook OAuth), Threads, and Mastodon. Once connected, you can create, schedule, and publish posts to any combination of them from a single dashboard.
Instagram is connected through the Facebook OAuth flow — it is automatically linked when you connect a Facebook Page that has an associated Instagram Business account. There is no separate Instagram-only connection.

Supported platforms

Bluesky

Connect via app password. No OAuth — credentials are exchanged directly with the AT Protocol service at bsky.social.

Tumblr

Connect via OAuth 1.0a. Hayon automatically links your primary Tumblr blog after authorization.

Facebook

Connect via Facebook OAuth (Meta Graph API v24.0). Requires a Facebook Page and optional Instagram Business account.

Threads

Connect via the Threads API (Meta). Uses a separate OAuth app from Facebook with Threads-specific scopes.

Mastodon

Connect via OAuth 2.0 against a configured Mastodon instance. Supports read, write, and push scopes.

How connections work

Each platform uses a different authentication method. The table below summarizes what Hayon stores for each.
PlatformAuth methodToken storedExpiry
BlueskyApp password (AT Protocol)accessJwt + refreshJwtSession-based
TumblrOAuth 1.0aoauthToken + oauthTokenSecretDoes not expire
FacebookOAuth 2.0 (Meta Graph)Long-lived page access token~60 days
ThreadsOAuth 2.0 (Threads API)Long-lived access token~60 days
MastodonOAuth 2.0 (instance)accessTokenInstance-defined
Hayon exchanges short-lived tokens for long-lived tokens automatically during the Facebook and Threads OAuth flows. You do not need to handle token refresh manually.

OAuth callback flow

For platforms that use OAuth (Tumblr, Facebook, Threads, Mastodon), the connection flow works as follows:
1

Initiate connection

Your browser makes a GET /api/platform/{platform}/connect request. Hayon generates an authorization URL and returns it.
2

Authorize on the platform

You are redirected to the platform’s authorization page, where you grant Hayon the requested permissions.
3

Callback

The platform redirects back to Hayon’s callback endpoint (GET /api/platform/{platform}/callback) with an authorization code and your Hayon user ID encoded in the state parameter.
4

Token exchange

Hayon exchanges the authorization code for an access token (and a long-lived token where applicable), then fetches your profile and stores everything in the SocialAccount document.
5

Redirect to settings

You are redirected back to /settings in the frontend where the newly connected account is shown.

Managing connected accounts

All connected accounts are stored in a single SocialAccount MongoDB document per user. Each platform has its own sub-document with the following fields:
  • connected — boolean flag indicating whether the platform is currently linked.
  • profile — display name, handle, and avatar URL fetched from the platform at connect time.
  • auth — platform-specific token fields (see table above).
  • health — connection health tracking with statuses: active, expired, revoked, error.
  • platformId — the platform’s internal identifier for the linked account or page.
You can refresh a connected account’s profile data at any time by calling the platform’s refresh endpoint (GET /api/platform/{platform}/refresh). This re-fetches your profile from the platform using the stored token.

Account health tracking

Hayon tracks the health of each connection in the health sub-document:
StatusMeaning
activeToken is valid and working
expiredToken has expired — reconnection required
revokedYou revoked access on the platform side
errorAn unexpected error occurred during a platform operation
When needsReconnection is true, the dashboard displays a reconnect prompt for that platform.

Disconnecting a platform

To disconnect any platform, send a DELETE /api/platform/{platform}/disconnect request. Hayon clears all stored tokens and sets connected: false for that platform’s sub-document.
Disconnecting a platform does not revoke the access token on the platform’s side. To fully revoke access, visit the platform’s settings and remove Hayon from connected applications.

Platform-specific notes

Bluesky does not use OAuth. You provide your Bluesky handle and an app password generated from your Bluesky account settings. Hayon never stores your main account password. See Bluesky integration for details.
Tumblr uses OAuth 1.0a, which involves a temporary request token stored in memory on the server. If you close the browser tab mid-flow, the session expires and you must restart the connection. See Tumblr integration for details.
Connecting Facebook also connects a linked Instagram Business account if one is associated with your Facebook Page. Disconnecting Facebook simultaneously disconnects the linked Instagram account. See Facebook integration for details.
Threads uses a separate Meta developer app from Facebook. Even if you have Facebook connected, you must complete a distinct OAuth flow to connect Threads. See Threads integration for details.
Hayon connects to a single, pre-configured Mastodon instance (set via MASTODON_INSTANCE_URL in your environment). If you need to connect an account on a different instance, you must update the server configuration. See Mastodon integration for details.

Build docs developers (and LLMs) love

Get started for freeTalk to us