Mastodon API

REST API for the Mastodon open-source decentralized social network, enabling posting, timeline reading, notifications, account management, and instance administration across any Mastodon-compatible instance.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Category: Social Media
Tags: mastodon, fediverse, activitypub, decentralized, open-source, social-media, rest-api, oauth2
⚙ Agent Friendliness: 66 / 100 (Can an agent use this?)
🔒 Security: 82 / 100 (Is it safe for agents?)
⚡ Reliability: 71 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 55
Documentation: 80
Error Messages: 75
Auth Simplicity: 75
Rate Limits: 72

🔒 Security

TLS Enforcement: 100
Auth Strength: 78
Scope Granularity: 80
Dep. Hygiene: 78
Secret Handling: 75

TLS enforced on all public instances. OAuth 2.0 with fine-grained read/write/admin scope separation. Open source codebase (AGPL-3.0) means security can be audited; however, instance operators bear responsibility for patching. Client secrets must be stored securely per-instance. The decentralized model means security posture varies by instance — self-hosted instances require operator attention to updates and security hardening.

⚡ Reliability

Uptime/SLA: 65
Version Stability: 75
Breaking Changes: 72
Error Recovery: 72

Best When

A developer or open-source project needs a social API with no approval process, no per-post fees, reasonable rate limits, and clean OAuth 2.0 that works well with headless agent workflows.

Avoid When

You need mainstream consumer reach, centralized analytics across the full network, or your users are not already on the fediverse.

Use Cases

  • Building bots that post automated content or respond to mentions on Mastodon instances
  • Monitoring public timelines or hashtag feeds for social listening on the fediverse
  • Creating cross-posting bridges between Mastodon and other social platforms
  • Building custom Mastodon client applications with full account management
  • Automating content moderation or reporting workflows for instance administrators

Not For

  • Reaching mainstream consumer audiences — Mastodon is tech-forward with a smaller user base than Twitter or Meta platforms
  • Commercial marketing automation — Mastodon community norms strongly reject spam; bots must clearly identify themselves
  • Centralized control across all instances — each instance is independently operated with its own rules and rate limits
  • High-follower influencer-style content — network effects are smaller without a centralized algorithm

Interface

REST API: Yes
GraphQL: No
gRPC: No
MCP Server: Yes
SDK: Yes
Webhooks: No

Authentication

Methods: oauth2, api_key
OAuth: Yes
Scopes: Yes

OAuth 2.0 with well-defined scopes: read, write, follow, push, admin:read, admin:write. Apps register on each instance independently — no central developer portal. Client credentials grant (app-level) available for read-only public data without user involvement. Authorization code flow required for user-context writes. Scopes are granular enough to limit agent access to only what's needed. Token lifetime is instance-configured; most instances use long-lived tokens.

Pricing

Model: free
Free tier: Yes
Requires CC: No

API access is free on all public Mastodon instances. Self-hosting a Mastodon instance is free (AGPL-3.0) with server infrastructure costs. No developer account, no application review, no fees at any scale. This is the most frictionless social API for getting started.

Agent Metadata

Pagination: link_header
Idempotent: No
Retry Guidance: Not documented

Known Gotchas

  • App registration is per-instance — an agent must register its client_id/client_secret on each Mastodon instance it wants to interact with; no central registry
  • Instance selection is the biggest decision — mastodon.social is the largest but may have stricter moderation; topic-specific instances may be better for niche use cases
  • Link header pagination (RFC 5988) is used for timelines — agents must parse Link headers rather than JSON cursors for next/prev page navigation
  • Streaming API (WebSocket) provides real-time updates but is instance-specific; some instances disable or rate-limit streaming for apps
  • Bot accounts should set bot: true on the account and follow community norms for their instance; some instances prohibit bots entirely
  • Server-side timeline filtering means the home timeline returns only posts from followed accounts — there is no algorithm; agents must follow accounts to see their posts
  • ActivityPub federation means users exist across instances; handles include the instance domain (e.g., user@instance.social) — agents must handle fully qualified handles

Scores are editorial opinions as of 2026-03-07.
