naftiko: 1.0.0-alpha2 info: label: Threads API — Authorization description: 'Threads API — Authorization. 2 operations. Lead operation: Get Long-Lived Access Token. Self-contained Naftiko capability covering one Threads Api business surface.' tags: - Threads Api - Authorization created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: THREADS_API_API_KEY: THREADS_API_API_KEY capability: consumes: - type: http namespace: threads-authorization baseUri: http://{{api_host}} description: Threads API — Authorization business capability. Self-contained, no shared references. resources: - name: access_token path: /access_token operations: - name: get method: GET description: Get Long-Lived Access Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: grant_type in: query type: string - name: client_secret in: query type: string - name: oauth-access_token path: /oauth/access_token operations: - name: post method: POST description: Exchange the Code For a Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: client_id in: query type: string description: 'Your Threads App ID displayed in App Dashboard > App settings > Basic > Threads App ID. Example: 990602627938098.' - name: client_secret in: query type: string description: 'Your Threads App Secret displayed in App Dashboard > App settings > Basic > Threads App secret. Example: a1b2C3D4.' - name: code in: query type: string description: Authorization Code - name: grant_type in: query type: string description: This value is required - name: redirect_uri in: query type: string description: The redirect URI you passed when you directed the user to the Authorization Window. This must be the same URI or the request will be rejected. - name: body in: body type: object description: Request body (JSON). required: false exposes: - type: rest namespace: threads-authorization-rest port: 8080 description: REST adapter for Threads API — Authorization. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/access-token name: access-token description: REST surface for access_token. operations: - method: GET name: get description: Get Long-Lived Access Token call: threads-authorization.get with: grant_type: rest.grant_type client_secret: rest.client_secret outputParameters: - type: object mapping: $. - path: /v1/oauth/access-token name: oauth-access-token description: REST surface for oauth-access_token. operations: - method: POST name: post description: Exchange the Code For a Token call: threads-authorization.post with: client_id: rest.client_id client_secret: rest.client_secret code: rest.code grant_type: rest.grant_type redirect_uri: rest.redirect_uri body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: threads-authorization-mcp port: 9090 transport: http description: MCP adapter for Threads API — Authorization. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-long-lived-access-token description: Get Long-Lived Access Token hints: readOnly: true destructive: false idempotent: true call: threads-authorization.get with: grant_type: tools.grant_type client_secret: tools.client_secret outputParameters: - type: object mapping: $. - name: exchange-code-token description: Exchange the Code For a Token hints: readOnly: false destructive: false idempotent: false call: threads-authorization.post with: client_id: tools.client_id client_secret: tools.client_secret code: tools.code grant_type: tools.grant_type redirect_uri: tools.redirect_uri body: tools.body outputParameters: - type: object mapping: $.