Bluesky is the only major platform in post mate that still uses an app-password flow instead of OAuth. You generate a single-purpose password at bsky.app/settings/app-passwords and paste it into post mate. The platform team is working on OAuth — once it ships, existing connections will keep working.
Connect Bluesky in 5 steps
- Open bsky.app/settings/app-passwords
Sign in to Bluesky on the web. Click "Add App Password", give it a name like "post mate", and copy the generated password. It looks like xxxx-xxxx-xxxx-xxxx — 16 characters with three dashes.
- Open /app/connections and click "Connect Bluesky"
post mate opens a small form asking for your Bluesky handle (with or without the @, with the full domain like name.bsky.social) and the app password you just copied.
- Submit
post mate calls com.atproto.server.createSession with your handle and the app password. If it succeeds, the connection appears as a row. If Bluesky rejects, the most common cause is using your real password instead of the app password.
- Compose your first post
In /app/compose, pick the Bluesky account, write up to 300 characters, attach up to 4 images (with alt text — Bluesky's culture expects it). Quote posts work by pasting any bsky.app URL — post mate detects and embeds it.
- Schedule and observe
At publish, post mate sends app.bsky.feed.post and stores the at:// URI. Bluesky doesn't enforce many rate limits, but if your app password is revoked the connection turns red and the queue pauses.
Once you're back inside post mate the account shows up on /app/connections with a green connection dot. From there it's available as a target in every composer.
What you can post to Bluesky from post mate
- ✓Text post — Up to 300 characters.
- ✓Images — Up to 4 per post; Bluesky shows the first 4.
- ✓Short video — MP4, up to 60s.
- ✓Alt text
- ✓Quote post — Paste a Bluesky URL in /app/compose.
- ✓Reply chains
- ×Detailed analytics — AT Protocol exposes very little metric data.
Bluesky API capabilities — the honest list
What works
- Text up to 300 chars
- Up to 4 images with alt text
- Short video
- Reply chains
- Quote posts
- Multiple accounts
What the API doesn't expose
- OAuth (not yet — app passwords only)
- Polls
- Detailed engagement analytics
- Editing a post (delete + repost is the workaround)
- Scheduling posts to non-self accounts
FAQs
Why an app password and not OAuth?
Bluesky's OAuth spec is still in beta. App passwords are the official way to authorise third-party clients in 2026. When OAuth ships, post mate will support both.
Is the app password the same as my Bluesky password?
No. App passwords are single-purpose tokens generated at bsky.app/settings/app-passwords. They cannot change your main password and can be revoked without affecting your account.
Can I post to multiple Bluesky handles?
Yes. Generate a separate app password for each handle, add each as its own connection.
Why did my Bluesky post fail?
Usually a revoked app password or an image larger than 1 MB. Bluesky rejects oversized media — re-encode and retry.
Does post mate store my real Bluesky password?
No. We only store the app password, encrypted at rest. You can revoke it any time from bsky.app/settings/app-passwords.
Ready to schedule your first post?
Sign up for post mate, connect Bluesky from /app/connections, and start cross-posting from a single composer. 14-day free trial, cancel anytime — no credit card to start the trial when you sign up with Google.