AT Protocol Developers
@atproto.com
Social networking technology created by Bluesky.
Developer-focused account. Follow @bsky.app for general announcements!
Bluesky API docs: docs.bsky.app
AT Protocol specs: atproto.com
Developer-focused account. Follow @bsky.app for general announcements!
Bluesky API docs: docs.bsky.app
AT Protocol specs: atproto.com
We just released Tap, a tool designed to handle the hard parts of repo synchronization, so you can focus on building your application.
It's now easier than ever to stay up to date with Atmosphere records for dev, data analysis, or any other task at hand!
docs.bsky.app/blog/introdu...
It's now easier than ever to stay up to date with Atmosphere records for dev, data analysis, or any other task at hand!
docs.bsky.app/blog/introdu...
Introducing Tap: Repository Synchronization Made Simple | Bluesky
Just about every app built on AT needs data from a repository at some point. For many use cases – feed generators, labelers, bots – streaming live data through a Relay or Jetstream works well. But som...
docs.bsky.app
December 12, 2025 at 7:26 PM
We just released Tap, a tool designed to handle the hard parts of repo synchronization, so you can focus on building your application.
It's now easier than ever to stay up to date with Atmosphere records for dev, data analysis, or any other task at hand!
docs.bsky.app/blog/introdu...
It's now easier than ever to stay up to date with Atmosphere records for dev, data analysis, or any other task at hand!
docs.bsky.app/blog/introdu...
if you are new to the IETF, the link below is a good overview of the overall process, including getting set up on the mailing list.
AT (atproto) is still in the process of forming a working group, and coming to consensus on what the charter should look like.
AT (atproto) is still in the process of forming a working group, and coming to consensus on what the charter should look like.
An Unofficial Guide to Participating in the IETF
ietf-wg-aipref.github.io
December 9, 2025 at 8:19 AM
if you are new to the IETF, the link below is a good overview of the overall process, including getting set up on the mailing list.
AT (atproto) is still in the process of forming a working group, and coming to consensus on what the charter should look like.
AT (atproto) is still in the process of forming a working group, and coming to consensus on what the charter should look like.
interested in standardization of AT at the IETF?
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
December 9, 2025 at 8:13 AM
interested in standardization of AT at the IETF?
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
there are ongoing discussions happening on the mailing list, and there will be a video call this Wednesday to discuss the scope of work, especially around DIDs and identity.
more details in this email thread: mailarchive.ietf.org/arch/msg/atp...
We're presenting this scheme so that software engineers can comment on potential concerns or weaknesses. If you'd like to share feedback, please use this github discussion: github.com/bluesky-soci...
November 18, 2025 at 11:04 PM
We're presenting this scheme so that software engineers can comment on potential concerns or weaknesses. If you'd like to share feedback, please use this github discussion: github.com/bluesky-soci...
"Find friends by phone" is a common tool in social networks. We're proposing a secure scheme and requesting comments from the dev community.
Goals:
・Double opt-in: you're not findable by your phone unless YOU use the tool
・Secure to enumeration attacks
・Resistant to decryption if compromised
Goals:
・Double opt-in: you're not findable by your phone unless YOU use the tool
・Secure to enumeration attacks
・Resistant to decryption if compromised
Request For Comments: A secure contact import scheme for social networks | Bluesky
This article outlines plans for a future Bluesky feature \- it doesn’t exist yet\! By sharing our ideas early, we hope to solicit feedback from the community.
docs.bsky.app
November 18, 2025 at 11:04 PM
"Find friends by phone" is a common tool in social networks. We're proposing a secure scheme and requesting comments from the dev community.
Goals:
・Double opt-in: you're not findable by your phone unless YOU use the tool
・Secure to enumeration attacks
・Resistant to decryption if compromised
Goals:
・Double opt-in: you're not findable by your phone unless YOU use the tool
・Secure to enumeration attacks
・Resistant to decryption if compromised
Reposted by AT Protocol Developers
Recently we hired @jimray.bsky.team as a new devrel at Bluesky, and I wanted to give him an overview of the Atmosphere. We recorded the session!
I give you: Squeeky Board with Paul and Jim, a detailed overview of AT://
I give you: Squeeky Board with Paul and Jim, a detailed overview of AT://
Squeeky Board with Paul and Jim
YouTube video by Paul Frazee
www.youtube.com
November 11, 2025 at 11:33 PM
Recently we hired @jimray.bsky.team as a new devrel at Bluesky, and I wanted to give him an overview of the Atmosphere. We recorded the session!
I give you: Squeeky Board with Paul and Jim, a detailed overview of AT://
I give you: Squeeky Board with Paul and Jim, a detailed overview of AT://
the operations to be removed have been publicly archived, and the changes can be independently verified.
we plan to execute this change in roughly a week (no sooner than 2025-11-06).
you can read more in this github announcement.
we plan to execute this change in roughly a week (no sooner than 2025-11-06).
you can read more in this github announcement.
PLC Operational Updates (October 2025) · bluesky-social atproto · Discussion #4316
Our near-term roadmap for PLC involves implementing a fully-validating read-replica service. It’s important that replicas agree on which PLC operations are valid and which are not. Due to past bugs...
github.com
October 29, 2025 at 6:36 PM
the operations to be removed have been publicly archived, and the changes can be independently verified.
we plan to execute this change in roughly a week (no sooner than 2025-11-06).
you can read more in this github announcement.
we plan to execute this change in roughly a week (no sooner than 2025-11-06).
you can read more in this github announcement.
for folks working with the PLC identity system:
we are planning to remove a set of non-compliant operations from the directory, which should make it easier to implement replicas and audits. these are predominantly test operations created by security researchers.
we are planning to remove a set of non-compliant operations from the directory, which should make it easier to implement replicas and audits. these are predominantly test operations created by security researchers.
October 29, 2025 at 6:35 PM
for folks working with the PLC identity system:
we are planning to remove a set of non-compliant operations from the directory, which should make it easier to implement replicas and audits. these are predominantly test operations created by security researchers.
we are planning to remove a set of non-compliant operations from the directory, which should make it easier to implement replicas and audits. these are predominantly test operations created by security researchers.
we are still cooking on docs and resources for permissions ("auth scopes"), but those will slot right in to these libraries and examples
October 22, 2025 at 8:29 PM
we are still cooking on docs and resources for permissions ("auth scopes"), but those will slot right in to these libraries and examples
app devs: we have some new AT OAuth resources and examples for you!
linked off this intro page we have new example projects showing how to do client auth using reference SDKs for TypeScript and Go.
and the buried lede: an Expo library for doing AT OAuth in React Native mobile apps
linked off this intro page we have new example projects showing how to do client auth using reference SDKs for TypeScript and Go.
and the buried lede: an Expo library for doing AT OAuth in React Native mobile apps
OAuth Introduction - AT Protocol
OAuth for AT Protocol application developers.
atproto.com
October 22, 2025 at 8:28 PM
app devs: we have some new AT OAuth resources and examples for you!
linked off this intro page we have new example projects showing how to do client auth using reference SDKs for TypeScript and Go.
and the buried lede: an Expo library for doing AT OAuth in React Native mobile apps
linked off this intro page we have new example projects showing how to do client auth using reference SDKs for TypeScript and Go.
and the buried lede: an Expo library for doing AT OAuth in React Native mobile apps
Reposted by AT Protocol Developers
atmosphere devs! 🧑🚀
just published a protocol checkin: docs.bsky.app/blog/protoco...
tl;dr
expect to see a lot of updates from us in the next few months. we're hard at work on making AT easier to build on & ensuring the network remains a resilient foundation for the future of open social
just published a protocol checkin: docs.bsky.app/blog/protoco...
tl;dr
expect to see a lot of updates from us in the next few months. we're hard at work on making AT easier to build on & ensuring the network remains a resilient foundation for the future of open social
Protocol Check-in (Fall 2025) | Bluesky
We last shared a protocol roadmap back in March 2025, and wow does time fly. If we're being honest, we haven't tied a bow on as many of these threads as we would've hoped. Oh time, strength, cash, and...
docs.bsky.app
October 20, 2025 at 9:59 PM
atmosphere devs! 🧑🚀
just published a protocol checkin: docs.bsky.app/blog/protoco...
tl;dr
expect to see a lot of updates from us in the next few months. we're hard at work on making AT easier to build on & ensuring the network remains a resilient foundation for the future of open social
just published a protocol checkin: docs.bsky.app/blog/protoco...
tl;dr
expect to see a lot of updates from us in the next few months. we're hard at work on making AT easier to build on & ensuring the network remains a resilient foundation for the future of open social
Reposted by AT Protocol Developers
okay and as promised, the bluesky PDS is officially open for returning users to migrate their accounts back!
hoping this lowers the stakes & gives folks the confidence to explore some other PDSs in the network!
docs.bsky.app/blog/incomin...
hoping this lowers the stakes & gives folks the confidence to explore some other PDSs in the network!
docs.bsky.app/blog/incomin...
Enabling Account Migration Back to Bluesky’s PDS | Bluesky
One of the core promises of AT is the seamless account migration between PDS hosts. Since federation opened up in the AT network, it has been possible to migrate away from the Bluesky PDS and between ...
docs.bsky.app
September 26, 2025 at 6:12 PM
okay and as promised, the bluesky PDS is officially open for returning users to migrate their accounts back!
hoping this lowers the stakes & gives folks the confidence to explore some other PDSs in the network!
docs.bsky.app/blog/incomin...
hoping this lowers the stakes & gives folks the confidence to explore some other PDSs in the network!
docs.bsky.app/blog/incomin...
All services should now be recovered!
An upstream network problem has been impacting almost all Bluesky network services for the past 3-4 hours. Posting and other public interactions are disrupted for many accounts.
As connectivity recovers, the firehose and other services will see large surges of events.
As connectivity recovers, the firehose and other services will see large surges of events.
September 24, 2025 at 1:16 PM
All services should now be recovered!
An upstream network problem has been impacting almost all Bluesky network services for the past 3-4 hours. Posting and other public interactions are disrupted for many accounts.
As connectivity recovers, the firehose and other services will see large surges of events.
As connectivity recovers, the firehose and other services will see large surges of events.
September 24, 2025 at 12:37 PM
An upstream network problem has been impacting almost all Bluesky network services for the past 3-4 hours. Posting and other public interactions are disrupted for many accounts.
As connectivity recovers, the firehose and other services will see large surges of events.
As connectivity recovers, the firehose and other services will see large surges of events.
Reposted by AT Protocol Developers
very excited to share this update about bringing AT to the IETF!
last week we uploaded two drafts to the IETF datatracker and today we heard that we’re approved to host a Birds of a Feather at IETF 124 (the formal meeting towards establishing a working group)
last week we uploaded two drafts to the IETF datatracker and today we heard that we’re approved to host a Birds of a Feather at IETF 124 (the formal meeting towards establishing a working group)
Taking AT to the IETF | Bluesky
Last week we posted two drafts to the IETF Data Tracker. This is the first major step towards standardizing parts of AT in an effort to establish long-term governance for the protocol.
docs.bsky.app
September 23, 2025 at 9:20 PM
very excited to share this update about bringing AT to the IETF!
last week we uploaded two drafts to the IETF datatracker and today we heard that we’re approved to host a Birds of a Feather at IETF 124 (the formal meeting towards establishing a working group)
last week we uploaded two drafts to the IETF datatracker and today we heard that we’re approved to host a Birds of a Feather at IETF 124 (the formal meeting towards establishing a working group)
Reposted by AT Protocol Developers
excited to share that we are following through on our earlier commitments and putting together an independent+neutral organization to house the DID PLC system, includes the directory service
Creating an Independent Public Ledger of Credentials (PLC) Directory Organization | Bluesky
The Bluesky Social app is built on an open network protocol that refers to each user by a unique Decentralized Identifier, or DID (a W3C standard). The most popular supported DID method was developed ...
docs.bsky.app
September 19, 2025 at 9:31 AM
excited to share that we are following through on our earlier commitments and putting together an independent+neutral organization to house the DID PLC system, includes the directory service
Quick update on Auth Scopes!
Covering the granular permissions roll out for end users and client app devs. Permission Sets and formal specifications are still being worked on. We recommend devs start exploring and experimenting, but hold off on shipping major production app updates for now.
Covering the granular permissions roll out for end users and client app devs. Permission Sets and formal specifications are still being worked on. We recommend devs start exploring and experimenting, but hold off on shipping major production app updates for now.
Progress on Auth Scopes Implementation (August 2025) · bluesky-social atproto · Discussion #4118
Since our last update on Auth Scopes, the Bluesky team has been hard at work adding support to our reference PDS implementation. Aspects of this work are starting to roll out in the production netw...
github.com
August 18, 2025 at 7:04 PM
Quick update on Auth Scopes!
Covering the granular permissions roll out for end users and client app devs. Permission Sets and formal specifications are still being worked on. We recommend devs start exploring and experimenting, but hold off on shipping major production app updates for now.
Covering the granular permissions roll out for end users and client app devs. Permission Sets and formal specifications are still being worked on. We recommend devs start exploring and experimenting, but hold off on shipping major production app updates for now.
Reposted by AT Protocol Developers
Adversarial ATProto PDS Migration www.da.vidbuchanan.co.uk/blog/adversa...
aka how to migrate your account if your old PDS explodes, and how to prepare for it in advance
aka how to migrate your account if your old PDS explodes, and how to prepare for it in advance
Adversarial ATProto PDS Migration | Blog
www.da.vidbuchanan.co.uk
July 28, 2025 at 6:50 PM
Adversarial ATProto PDS Migration www.da.vidbuchanan.co.uk/blog/adversa...
aka how to migrate your account if your old PDS explodes, and how to prepare for it in advance
aka how to migrate your account if your old PDS explodes, and how to prepare for it in advance
we just published an updated proposal for "Auth Scopes", and are interested in your feedback!
this is a mechanism for OAuth clients to request granular permissions to PDS resources. for example, only write repo records of specific types, or only authenticate to specific remote endpoints
this is a mechanism for OAuth clients to request granular permissions to PDS resources. for example, only write repo records of specific types, or only authenticate to specific remote endpoints
github.com
July 1, 2025 at 11:12 PM
we just published an updated proposal for "Auth Scopes", and are interested in your feedback!
this is a mechanism for OAuth clients to request granular permissions to PDS resources. for example, only write repo records of specific types, or only authenticate to specific remote endpoints
this is a mechanism for OAuth clients to request granular permissions to PDS resources. for example, only write repo records of specific types, or only authenticate to specific remote endpoints
OAuth updates for app devs!
Over the past few weeks we've been chatting with devs and doing a pass over our SDKs and docs to address issues. This blog post summarizes the main changes we've made, some tweaks still in flight, and links to longer form writing about security and design trade-offs
Over the past few weeks we've been chatting with devs and doing a pass over our SDKs and docs to address issues. This blog post summarizes the main changes we've made, some tweaks still in flight, and links to longer form writing about security and design trade-offs
OAuth Improvements | Bluesky
We've been making improvements to the end-user and developer experiences with atproto OAuth, and wanted to share some updates.
docs.bsky.app
June 13, 2025 at 7:26 PM
OAuth updates for app devs!
Over the past few weeks we've been chatting with devs and doing a pass over our SDKs and docs to address issues. This blog post summarizes the main changes we've made, some tweaks still in flight, and links to longer form writing about security and design trade-offs
Over the past few weeks we've been chatting with devs and doing a pass over our SDKs and docs to address issues. This blog post summarizes the main changes we've made, some tweaks still in flight, and links to longer form writing about security and design trade-offs
We hope this sheds some light for app devs on some protocol design decisions which have caused some friction.
We'll have a separate update soon summarizing recent improvements to the OAuth developer and user experiences
We'll have a separate update soon summarizing recent improvements to the OAuth developer and user experiences
June 13, 2025 at 12:17 AM
We hope this sheds some light for app devs on some protocol design decisions which have caused some friction.
We'll have a separate update soon summarizing recent improvements to the OAuth developer and user experiences
We'll have a separate update soon summarizing recent improvements to the OAuth developer and user experiences
Two types of OAuth client are supported by atproto: "public" and "confidential"
This new article digs in to the security trade-offs and safety mechanisms at play, and how they impact different app architectures: TMBs, BFFs, SPAs, etc
This new article digs in to the security trade-offs and safety mechanisms at play, and how they impact different app architectures: TMBs, BFFs, SPAs, etc
OAuth Client Security in the Atmosphere · bluesky-social atproto · Discussion #3950
The following was written by the Bluesky team as an overview of OAuth client security considerations, especially for client app developers or readers of the ATProto OAuth profile specification. Set...
github.com
June 13, 2025 at 12:14 AM
Two types of OAuth client are supported by atproto: "public" and "confidential"
This new article digs in to the security trade-offs and safety mechanisms at play, and how they impact different app architectures: TMBs, BFFs, SPAs, etc
This new article digs in to the security trade-offs and safety mechanisms at play, and how they impact different app architectures: TMBs, BFFs, SPAs, etc
bsky.storage is an independent project that automates periodic account data backups to a storage network, and has a UI for PLC identity backup and recovery
tools like this give users stronger control of their online future, without needing to self-host an entire PDS
tools like this give users stronger control of their online future, without needing to self-host an entire PDS
The internet was meant to be free - your identity shouldn’t be locked behind a login screen.
Introducing bsky.storage 🐔🤝🦋
Now you can back up your Bluesky data hourly + recover your account if Bluesky ever goes dark. Simple, free, & fully in your control.
Learn more:
medium.com/@storacha/in...
Introducing bsky.storage 🐔🤝🦋
Now you can back up your Bluesky data hourly + recover your account if Bluesky ever goes dark. Simple, free, & fully in your control.
Learn more:
medium.com/@storacha/in...
Introducing bsky.storage: Own Your Social Identity
Take back control of your online identity. Our new tool, bsky.storage, backs up your Bluesky account hourly — free, secure &…
medium.com
June 12, 2025 at 6:13 PM
bsky.storage is an independent project that automates periodic account data backups to a storage network, and has a UI for PLC identity backup and recovery
tools like this give users stronger control of their online future, without needing to self-host an entire PDS
tools like this give users stronger control of their online future, without needing to self-host an entire PDS
we've rolled out some small changes to the DID PLC directory which make it possible to register new key types as verificationMethod entries, for non-atproto use cases.
(this does not impact the PLC rotation key mechanism itself; that is still limited to P-256 and K-256)
have fun building on PLC!
(this does not impact the PLC rotation key mechanism itself; that is still limited to P-256 and K-256)
have fun building on PLC!
Relaxing DID PLC Verification Method Constraints, June 2025 · bluesky-social atproto · Discussion #3928
We’ve made a minor change to the PLC Directory service, with the aim of expanding compatibility with non-atproto apps and services: “verificationMethod” keys can now be almost any key type, includi...
github.com
June 5, 2025 at 8:59 PM
we've rolled out some small changes to the DID PLC directory which make it possible to register new key types as verificationMethod entries, for non-atproto use cases.
(this does not impact the PLC rotation key mechanism itself; that is still limited to P-256 and K-256)
have fun building on PLC!
(this does not impact the PLC rotation key mechanism itself; that is still limited to P-256 and K-256)
have fun building on PLC!
Reposted by AT Protocol Developers
fresh atproto proposal! this one is for the oauth, app architecture, and security folks: github.com/bluesky-soci...
here we're defying the labels of traditionally "public" vs "confidential" oauth clients, and challenging assumptions about what it means to be a browser-based app. 1/8
here we're defying the labels of traditionally "public" vs "confidential" oauth clients, and challenging assumptions about what it means to be a browser-based app. 1/8
proposals/0010-client-assertion-backend at main · bluesky-social/proposals
Bluesky proposal discussions. Contribute to bluesky-social/proposals development by creating an account on GitHub.
github.com
June 5, 2025 at 2:36 AM
fresh atproto proposal! this one is for the oauth, app architecture, and security folks: github.com/bluesky-soci...
here we're defying the labels of traditionally "public" vs "confidential" oauth clients, and challenging assumptions about what it means to be a browser-based app. 1/8
here we're defying the labels of traditionally "public" vs "confidential" oauth clients, and challenging assumptions about what it means to be a browser-based app. 1/8