OAuth Tokens

Defining what token types are used throughout this documentation

OAuth Tokens

Mastodon supports two different types of OAuth Tokens: App tokens and User tokens. Throughout this documentation you will see these token types referenced in the OAuth field for API endpoints.

The OAuth field also references Public, in which case no OAuth access token needs to be supplied to access the API endpoint.

App tokens

In order to receive an App token, you must perform a client credentials grant flow, which gives you a token that can be used to interact with the API on behalf of the OAuth Application. Currently the only API endpoints that accepts this token type are:

GET /api/v1/apps/verify_credentials
POST /api/v1/accounts

User tokens

In order to create a User token, you must perform a authorization code grant flow, which gives you an access token that is associated with the user who approves the access grant request.

Many Mastodon APIs require User tokens and specific scopes to access them.

Last updated October 10, 2024 · Improve this page