Skip to main content
Hayon connects to Threads via the Threads API (graph.threads.net), which is Meta’s dedicated API for Threads. It uses an OAuth 2.0 flow with Threads-specific scopes and is entirely separate from the Facebook integration — you must connect Threads independently even if you already have Facebook connected.
The Threads API uses https://graph.threads.net as its base URL, distinct from Meta’s Facebook Graph API at https://graph.facebook.com. Tokens and apps are not shared between the two.

How the Threads OAuth flow works

1

Initiate the connection

Hayon’s backend (GET /api/platform/threads/connect) builds an authorization URL targeting https://threads.net/oauth/authorize with the required scopes and your Hayon user ID in the state parameter.
2

Authorize on Threads

You are redirected to Threads’ authorization page. Review the requested permissions and tap Authorize.
3

Callback

Threads redirects back to GET /api/platform/threads/callback with a one-time code and your Hayon user ID in state.
4

Short-lived token exchange

Hayon sends a POST request to https://graph.threads.net/oauth/access_token to exchange the code for a short-lived access token and your Threads user ID.
5

Long-lived token exchange

Hayon immediately exchanges the short-lived token for a long-lived token (valid ~60 days) using the th_exchange_token grant type via GET https://graph.threads.net/access_token.
6

Profile fetch

Hayon calls GET https://graph.threads.net/me with fields id,username,name,threads_profile_picture_url to retrieve your profile.
7

Redirect to settings

You are redirected back to /settings?success=threads_connected where your connected Threads account is displayed.

Required OAuth scopes

Hayon requests the following Threads permissions:
ScopePurpose
threads_basicRead basic account information (username, profile picture, ID)
threads_content_publishPublish posts (text and media) to Threads
threads_manage_insightsRead post and account-level analytics
Like other Meta products, your Threads app must pass Meta’s App Review before non-admin users can authorize. During development, only users listed as testers or admins on the Meta app can complete the OAuth flow.

What Hayon stores

FieldDescription
connectedtrue once authorized
platformIdYour Threads user ID
auth.accessTokenLong-lived access token (valid ~60 days)
auth.expiresAtApproximately 60 days from connection time
profile.handleYour Threads username
profile.displayNameYour Threads display name
profile.avatarthreads_profile_picture_url from the Threads API

Supported content types

Threads supports text and media posts. Hayon’s integration covers:
Content typeSupported
Text-only postsYes
Single image postsYes
Carousel posts (multiple images)Yes
Video postsNo
Replies / quote postsNo
PollsNo

Character limits and constraints

  • Character limit: 500 characters per Threads post.
  • Images per carousel: Up to 10 images in a single carousel post.
  • Image formats: JPEG, PNG.
  • Maximum image size: As specified by the Threads API — images should be under 8 MB.
  • Video: Video posting is not currently implemented in Hayon’s Threads integration.
Threads posts exceeding 500 characters are rejected by the Threads API. Hayon does not automatically truncate content.

Token expiry and refresh

Threads long-lived access tokens are valid for approximately 60 days. Hayon stores the expiry time in auth.expiresAt. To manually refresh your Threads profile data while the token is valid: 
GET /api/platform/threads/refresh
Authorization: Bearer <hayon-jwt>
This re-fetches your username, display name, and profile picture from the Threads API and updates the stored profile.
There is currently no background token refresh for Threads. When the token expires, the health status changes to expired and needsReconnection is set to true. You must disconnect and reconnect Threads to obtain a new token.

Disconnecting

To disconnect Threads, navigate to Settings > Connected accounts and click Disconnect next to Threads, or call: 
DELETE /api/platform/threads/disconnect
Authorization: Bearer <hayon-jwt>
This clears the access token, platform ID, and profile data, and sets connected: false. To fully revoke Hayon’s access on Threads, visit your Threads account settings and remove the app from authorized applications.

Limitations

Even if you have Facebook connected, Threads requires a separate OAuth flow with its own app credentials. Connecting or disconnecting Facebook has no effect on your Threads connection.
Hayon connects one Threads account per user. Connecting a second Threads account replaces the first.
Publishing to Threads requires the threads_content_publish scope, which requires Meta App Review approval for production use. Your Hayon deployment must have a Meta app with this scope approved.
Unlike some OAuth 2.0 implementations, Threads long-lived tokens are not automatically renewed by Hayon. Reconnect every ~60 days to avoid interruption.

Troubleshooting

The authorization code was not returned by Threads (e.g. you denied access or closed the window). Click Connect again and complete the authorization.
An error occurred during the token exchange or profile fetch. Check that your Threads app credentials (THREADS_APP_ID, THREADS_APP_SECRET, THREADS_REDIRECT_URI) are correctly configured in your server environment.
Use the refresh endpoint (GET /api/platform/threads/refresh) to pull updated username, display name, and avatar from the Threads API.

Build docs developers (and LLMs) love

Get started for freeTalk to us