IndieWebCamp is a 2-day creator camp focused on growing the independent web


(Redirected from micropub)

Micropub is an open API standard that is used to create posts on one's own domain using third-party clients. Web apps and native apps (e.g. iPhone, Android) can use Micropub to post short notes, photos, events or other posts to your own site, similar to a Twitter client posting to

Aaron Parecki
Per CC0, to the extent possible under law, the editors have waived all copyright and related or neighboring rights to this work. In addition, as of 2014-11-01, the editors have made this specification available under the Open Web Foundation Agreement Version 1.0.



IndieWeb Examples

Examples of IndieWeb sites that support the micropub API (in order of deployment).

Aaron Parecki

Aaron Parecki supports publishing various post types on using micropub since 2013-12-25.

  • 2013-12-25 note micropub publishing support added
  • 2013-12-28 pushup micropub publishing support added
  • 2014-02-24 photo micropub publishing support added

Barnaby Walters

Barnaby Walters posts notes and replies on (Taproot) since 2014-03-10 using Shrewdness and Taproot as micropub clients

Kartik Prabhu

Kartik posts notes on via micropub using Quill since 2014-05-24


Ben has written a Known plugin that logs in via IndieAuth and publishes content via micropub. It's designed to work so that all indieweb post types - notes etc - are passed to the content plugin registered to handle them. [1]


Ben Roberts posts to his Postly site via micropub. Photos are posted using OwnYourGram and Notes, Replies, and Articles are posted using his own Postly Client. Deleting entries via micropub added 2014-09-28.

Jeremy Keith

Jeremy Keith supports posting notes and photos via micropub since 2014-10-21.


Sites and client applications that publish via micropub. Alphabetically sorted.

JonnyBarnes post UI is publicly available at


Emma's Neonblog post UI creates notes and articles via micropub.


Ben Roberts' Postly creates notes and articles via micropub and can add syndication links after posting. synditate-to links are passed as a php readable array field not a comma separated list. Publicly Available UI


aaronpk's OwnYourGram is a tool to reverse-syndicate instagram photos to your personal site, using micropub.

  • The signup process contains lots of useful documentation and debugging information to help get new micropub implementations working.


aaronpk's PushupCounter-iOS is an iOS client for publishing exercise data.


Quill is a reference Micropub client you can use to post notes to your site.

  • The signup process walks you through configuring your website to accept Micropub requests from apps like this.


Shrewdness - indieweb reader


Barnaby's Taproot publishes notes via micropub. The post UI is publicly accessible, and you can use it to make posts on your own website. As of 2014-06-12 it’s also marked up with h-product and h-x-app markup so that authorization UIs can provide a better experience whilst authorizing, without having to pre-register apps and upload logos

Client implementation requests

Requests for clients to implement Micropub


Macaw is an "open source micro-blogging client, with support for ADN ( and Twitter ("

Request for Micropub support:

Open Source

Open source libraries & implementations used to support micropub on the client app side and on the API endpoint side on the server:

How to implement

How to implement the Micropub API, both in a client that can discover an endpoint and publish to it, and on a server to support an endpoint to create/update/delete posts in response.

Endpoint Discovery

It should be possible to configure an API client by authenticating as your domain name using IndieAuth. After signing in, your domain needs a way to specify the (one or more?) API endpoint the client will use to create new posts.

Add a <link> tag in the HTML head of your home page, or send an HTTP Link header.

HTTP Header

Link: <>; rel="micropub"


<link rel="micropub" href="">


Authorization should be handled via the IndieAuth protocol (built on top of OAuth 2.0).

An app that wants to post to a user's Micropub endpoint will need to obtain authorization.

When making requests to the Micropub endpoint, the access token should be sent in either an HTTP header or in a post body parameter as described in the OAuth Bearer Token RFC.

HTTP Header

Authorization: Bearer XXXXXXXX

Form-Encoded Body Parameter



The client may request one or more scopes during the authorization request. It does this according to standard OAuth 2.0 techniques, by passing a space-separated list of scope names in the authorization request.

The authorization server must indicate to the user any scopes that are recognized. The token that is generated will contain the scopes approved by the user. Since API clients may be requesting scopes that the API server does not recognize, the list of approved and recognized scopes should be returned along with the access token so the client can decide what to do when it does not have the necessary scopes.


(This section is a stub)

When a Micropub client obtains an access token, it may need to be able to verify the access token is valid and retrieve the URL of the user it belongs to. Micropub endpoints must implement a method that returns basic information about the access token.

Access tokens can be verified by making an empty GET request to the Micropub endpoint with the access token in the header. If the access token is valid, the Micropub endpoint must reply with at least the "me" parameter, and may also return scope, client_id, and expiration date.

Form-encoded Microformats Representation

For the simplicity of writing clients, all requests to a Micropub API must be in the standard form-encoded format. At a most basic level, you should be able to write an HTML form and set the form action to your own endpoint and use it to post to your site.


This section is a stub and probably needs to be thought out more.


A successful creation should return an HTTP 201 Created response and a "Location" header with the full URL to the entry created. The body of the response may be blank, but could optionally include an HTML page rendering the object created or a link to the new object. API clients will most likely ignore the HTML body.

If the post also has a short link, the short link can be indicated as an additional HTTP header:

Link: <>; rel="shortlink"

If the Micropub endpoint returns an HTML body, then the body can contain a <link rel="shortlink" href=""> property or a u-shortlink property with the short URL.

If the post has successfully been syndicated the response should include one or more "Link" headers marked with rel="syndication", e.g.:

Link: <>; rel="syndication"
  • returning HTML makes sense if the item is added and can be rendered accurately immediately. I'm worried about the use case when a new creation requires further processing before it's truly a post. Would a 202 Accepted with a unique id work in this case? 14:30, 14 January 2014 (PST)
    • returning HTML really only makes sense for user agents that can and want to render HTML. e.g. iPhone apps probably don't care about the HTML response. I see your point about returning 202 Accepted if the post cannot yet be rendered before further processing. I believe HTTP allows a `Location` header to be returned in the 202 example anyway. 14:34, 14 January 2014 (PST)


Should return HTTP 200 or 204 depending on whether the response contains content.


Should return HTTP 200 or 204 depending on whether the response contains content.

Creating Objects

Indicating the object being created

To indicate the object being created, use a property called "h", (which would never be the name of a property of a microformats object), followed by the name of the microformats object. Examples:

  • h=entry
  • h=card
  • h=event
  • h=cite


The following properties may be included in a request to create a new h-entry:

  • name
  • summary
  • content
  • published
  • updated
  • category = tag1, tag2, tag3
  • slug
  • location
    • as a Geo URI, for example geo:45.51533714,-122.646538633
    • My micropub client currently has a map to mark the specific location in LatLng values, and a text input for an actual place name. So my client is sending a request of the form "&location=1.23,%40-4.56:An%40Address" 07:57, 10 June 2014 (PDT)
  • in-reply-to
  • syndication
    • Pass one or more URLs pointing to places where this entry already exists. Can be used for PESOS implementations.
  • syndicate-to =,,, etc.
    • This property is slightly different from the others since it is giving a command to the server rather than describing an object.
    • client should identify services by their domain name.
    • are syndication options needed in the client?
New Note

Posting a new note with tags, syndicating to twitter:

  • content
  • category
  • syndicate-to
  • published (optional, defaults to "now" if not present. Useful for writing offline and syncing later)
POST /post/new HTTP/1.1
Content-type: application/x-www-form-urlencoded

Minimal Example
POST /micropub HTTP/1.1
Content-type: application/x-www-form-urlencoded
Authorization: Bearer XXXXXXX

curl -d h=entry -d "content=Hello World" -H "Authorization: Bearer XXXXXXX"
New Reply

Posting a new reply, syndicating to twitter

  • content
  • in-reply-to
  • syndicate-to
  • published
POST /post/new HTTP/1.1
Content-type: application/x-www-form-urlencoded

New Article

Posting a new article

  • content
  • name
  • category
  • published
POST /post/new HTTP/1.1
Content-type: application/x-www-form-urlencoded

New Bookmark

Posting a new bookmark with name, quote, and tags.

  • bookmark
  • name
  • content
  • category
POST /post/new HTTP/1.1
Content-type: application/x-www-form-urlencoded

New Weight Measurement

Aaron currently publishes his weight on his site as a list of h-entry posts (example).

In addition to a human-readable text version of the measurement, the values are marked up with custom properties to make the parsed version machine readable.


"Weighed <data class="p-weight">153.2lbs</data> (<data class="p-weight">69.7kg</data>) <data class="p-bodyfat" value="0.1691">16.9%</data> body fat"

Parsed JSON:

"name": [
  "Weighed 153.2lbs (69.7kg) 16.9% body fat"
"weight": [
"bodyfat": [
"published": [

To be able to create this post from a Micropub API, we would need the following properties:

  • content
  • weight (number with units)
  • bodyfat (percentage in decimal form)
  • published


The following properties may be included in a request to create a new h-event:

Posting a new event

  • name
  • summary
  • description
  • start
  • end
  • duration
  • category
  • location
POST /post/new HTTP/1.1
Content-type: application/x-www-form-urlencoded

&name=IndieWeb Dinner at 21st Amendment
&description=In SF Monday evening? Join @caseorganic and I for an #indieweb dinner at 6pm! (Sorry for the short notice!)


The following properties may be included in a request to create a new h-cite:

(The following list is from

  • name
  • published - date of publication of the work (not the date the h-cite was created)
  • author - URL of an h-card
  • url - a URL to access the cited work
  • content - the content or partial content of the work itself, such as when including a blockquote snippet of a work

Nested Microformat Objects

How to handle nested data? For example when the p-location property is an h-geo vs an h-card.

For an h-geo property, just use a Geo URI such as geo:37.786971,-122.399677

For more complicated objects, it may be best to first create an object on the target site, then reference that object's URL in the main request.

For example, creating a checkin post would involve two POST requests:

First create the venue by posting an h-card:

POST /micropub

&street-address=2505 SE 11th Ave
&tel=(503) 236-3023


HTTP/1.1 201 Created

Then create the checkin post:

POST /micropub

&name=Working on Micropub


HTTP/1.1 201 Created
  • This technique has the advantage of ensuring that each object that is created has its own URL (each piece of Data has its own Link, wink wink)
  • Also gives the server an opportunity to handle each entity separately. E.g., rather than creating a duplicate of an existing venue, it may give back a link to one that was already created, possibly even merging in newly received data first.

Alternative form markup first

An alternative design approach would be form markup first rather than HTTP protocol first.

See related:

If we can figure out how a <form class="h-entry"> should work from a markup / posting UI perspective, then maybe we can derive a protocol from how that uses HTTP accordingly.

(this section is a stub, feel free to expand with a complete form element code example that shows what a form for posting a new h-entry or editing an existing h-entry would look like in terms of minimal HTML markup, then we can figure out the HTTP interaction from that)

Updating Objects

Adding a Syndication URL

Use case: adding a syndication link to a post after it has been published. For example, when a client supports posting first then syndicating to Twitter or Facebook after the fact, the site needs a way to update the original post with the new syndication URL.

To add syndication URLs, the request looks similar to the original "create" request, but includes only the values that are changing.

POST /micropub


Adding Tags

Use case: adding tags to a post after it's been created.

POST /micropub


Question: how to handle removing or replacing tags? One possibility is to have separate parameters for adding, removing and replacing the tags:

  • add_tags=webmention - adds the specified tags
  • remove_tags=indieweb - removes the specified tags
  • tags=webmention,indieweb - replaces the current tag list with the given tag list

Syndicating a Post

After a post is already created, it is sometimes desirable to syndicate a copy of it elsewhere. For example if I first post a photo to my site, then want to syndicate it to Twitter and Facebook after the fact.

Simple Example

A simple micropub request to syndicate an existing post may look like this:

POST /micropub


The micropub endpoint will retrieve the contents of the original post (including a photo if present) and syndicate it to the targets listed in the "syndicate-to" parameter.

Custom Syndication Content

What if you want to provide custom text to the site you are syndicating to? For example, since Twitter posts are limited to 160 characters, you may want to hand-craft a version of the post that fits within the limit.

This may look like a standard micropub request where there is just no h=entry value since it's not creating a new post on the author's site. This way we can include a "content" field. The limitation of course is that only one content field can be present, so the syndicated text will be the same for all targets.

POST /micropub


TODO: Is this a reasonable alternative POST request to specify custom content for multiple silos?

POST /micropub


In PHP and Ruby, this is interpreted as the following object (shown as JSON for convenience):

  "u": "",
  "syndicate-to": [
  "content": {
    "": "Shorter version of the post",
    "": "Content to post to Facebook"

Syndicating likes, reposts, etc

If there is already a "like" post on your site, then syndicating this to Twitter or Facebook is just a standard syndicate request. The micropub endpoint should recognize that the post being syndicated is a "like" and handle it appropriately.

POST /micropub


Discovering Supported Syndication Targets

Since any given micropub endpoint may support syndicating to websites that a client does not know about, the endpoint needs a way to indicate which syndication targets are supported.

The client makes a GET request with q=syndicate-to to query the list of syndication endpoints supported.

GET /micropub?q=syndicate-to
Authorization: Bearer xxxxxxxxx


The list can be generated dynamically depending on the client making the request. For example, I may want to authorize an app to syndicate to IndieNews but not Twitter. In this case, when the app makes the request to find supported syndication targets, my site would only return the IndieNews URL.


A micropub endpoint may wish to restrict syndicating to some or all targets, only explicitly allowing it for specific clients. This can be accomplished with the "scope" parameter when the access token is obtained.


Alternate Content Types

Q: should a markdown-based client send the "content" field as markdown or rendered html? If the latter, should it send an auxiliary field with the raw markdown?

  • Backends that store posts as markdown will want the raw version.
  • Sending HTML means that even endpoints that don't use markdown could make use of a markdown editor for authoring.
  • Aaron Parecki points out that this will not be very useful without the ability to fetch raw content, and resubmit an edited version (which will mean expanding the spec significantly)

Micropub for Comments

Goal: if Aaron is reading Barnaby's website, create an inline comment form on Barnaby's site that can post a comment directly to Aaron's website.

If Aaron's site supports Micropub, Aaron's browser (or Barnaby's server) could make a Micropub request with the contents of the comment form directly to Aaron's website. However, Aaron cannot trust either Barnaby's comment form (it could have malicious hidden properties or change the request before submitting) or Barnaby's server.

Trust-Less Micropub

Rather than Aaron's server issuing an access token to Barnaby's server (which essentially would allow Barnaby's server to post content on Aaron's site as Aaron), "trust-less Micropub" describes a way to support posting content via Micropub without granting full access to the third party client.

1. Aaron is reading a post on Barnaby's website and wants to comment. He fills out the comment form and clicks the "sign in to post" button.

TODO: screenshot mockup

2. Barnaby's site begins the IndieAuth "authentication" flow to discover Aaron's website and his micropub endpoint. The request only includes the "comment" (or maybe "preview"?) scope value, and not the "post" scope, since Barnaby's site is merely trying to identify Aaron, not obtain authorization to act as him.

TODO: screenshot mockup

3. After successfully signing in, Barnaby's server now has an access token for Aaron's site and knows his Micropub endpoint.

4. When Aaron submits the comment form, Barnaby's server (or Aaron's browser, it's equivalent) makes a POST request to Aaron's Micropub endpoint containing the following:

  • comment text
  • other required micropub fields (e.g. h=entry)
  • access token
  • redirect URI - where to redirect Aaron's browser to after the comment is posted

5. Rather than immediately posting the comment, Aaron's browser is directed to Aaron's own website with a token in the URL corresponding to the comment request. Aaron's website authenticates Aaron however it wants, and displays the request of the action Barnaby's website is trying to take. This may look something like the following:

TODO: screenshot mockup

6. After Aaron approves the request, his server posts the comment and then redirects his browser to the redirect URI specified in the original request, taking him back to Barnaby's post.

See the original IRC discussion.

Action Handler Discovery

Main article: mp-config

An alternative to indie-config for discovering the user's action handler URLs. This method does not require a JavaScript or a custom schema handler to be registered in the browser, but it does require the user to support micropub and be signed in on the site they are browsing.

Multiple in-reply-to

It would be nice to have multiple in-reply-to links posted in micropub. With tags and syndicate-to, the values are given as a comma separated list. However, "," is a valid URL character and even given as examples in [2]. This could potentially be a problem for syndicate-to as well. POST methods already have a standard for passing arrays of values. Perhaps we should be using those.

PHP requires "[]" characters in the parameter name to be parsed as an array. Other languages (at least Python) do not, but it would probably make sense to make the [] part of the spec so that PHP implementations don't have to do their own special parsing.

Explicit CRUD

Currently there is no field to specify delete. Updates are implied by existance of a url= field. Updates to content and adding a syndicate-to link simultaneously are not possible as it would be interpreted as syndication text. I suggest we add a field to specify the CRUD operation. Postly uses operation='create', operation='edit', operation='delete', and operation='undelete' (since deleting just removes from public view).

See Also