Skip to main content

Bluesky

Bluesky supports two credential paths in SimplePost:

  • App password — the simplest for personal or server-owned posting.
  • OAuth tokens — better for user-facing apps and Scheduler-connected accounts.

Content support

CapabilitySupport
TextUp to 300 characters.
MediaImages only.
Media limitUp to 4 images.
Empty postsNot allowed; provide text or images.
Threads (reply chains)Pass replyTo ({ root, parent } post refs) to chain a reply onto an existing thread.

App password setup

  1. Open Bluesky settings.
  2. Create an app password.
  3. Store the app password with the Bluesky handle or DID.

This is the fastest setup for SDK, CLI, and the self-hosted REST server.

OAuth setup

Bluesky OAuth is decentralized and uses a public client metadata document instead of a traditional developer dashboard. The CLI ships with a bundled OAuth client (simplepost account add bluesky), so you usually do not need to host your own. See Bluesky OAuth app setup only if you need a custom client.

OAuth refresh is DPoP-bound and tokens rotate — see token rotation.

Environment variables

BLUESKY_ACCESS_TOKEN=
BLUESKY_REFRESH_TOKEN=
BLUESKY_DID=
BLUESKY_PDS_URL=

Env-only setup activates when BLUESKY_ACCESS_TOKEN, BLUESKY_DID, and BLUESKY_PDS_URL are all set. BLUESKY_REFRESH_TOKEN is optional for short-lived posting.

For app-password posting, pass credentials directly through SDK options instead:

await post({
  content: { text: "Hello Bluesky" },
  platforms: ["bluesky"],
  options: {
    bluesky: {
      credentials: {
        identifier: "yourbrand.bsky.social",
        appPassword: "xxxx-xxxx-xxxx-xxxx",
      },
    },
  },
});

For OAuth tokens, DPoP keys are required. Scheduler stores DPoP keys automatically. If you use the SDK directly, pass the DPoP public and private JWKs in options.bluesky.credentials.

REST server account

Add one of these entries under accounts in the self-hosted REST server's accounts.json.

App password:

{
  "id": "bsky-main",
  "platform": "bluesky",
  "credentials": {
    "identifier": "yourbrand.bsky.social",
    "appPassword": "xxxx-xxxx-xxxx-xxxx"
  }
}

OAuth:

{
  "id": "bsky-main",
  "platform": "bluesky",
  "username": "yourbrand.bsky.social",
  "platformAccountId": "did:plc:...",
  "credentials": {
    "accessToken": "...",
    "refreshToken": "...",
    "did": "did:plc:...",
    "pdsUrl": "https://bsky.social"
  }
}