|
| 1 | +--- |
| 2 | +title: "Mastodon 4.5 for Developers" |
| 3 | +description: "Mastodon 4.5 contains several technical changes that developers will want to learn about." |
| 4 | +date: 2025-10-29 |
| 5 | +slug: mastodon-4-5-for-devs |
| 6 | +authors: |
| 7 | + - mastodon |
| 8 | +tags: |
| 9 | + - mastodon |
| 10 | + - engineering |
| 11 | +categories: |
| 12 | + - Engineering |
| 13 | +resources: |
| 14 | +- name: hero |
| 15 | + src: hero.png |
| 16 | +draft: false |
| 17 | +--- |
| 18 | + |
| 19 | +Mastodon 4.5 is almost ready. We just released the first (and hopefully only) [release candidate](https://github.com/mastodon/mastodon/releases/tag/v4.5.0-rc.1), and the final release should be coming along very soon. This is once again a good time to highlight some of the new features and changes that are important to anyone building on top of Mastodon and its APIs. |
| 20 | + |
| 21 | +This post has two major sections: updates that are likely to be most relevant for developers of Mastodon client applications, and updates that are more applicable to the broader Fediverse and other ActivityPub-compatible services. |
| 22 | + |
| 23 | +Remember that we also post a monthly engineering update (our [Trunk and Tidbits](https://blog.joinmastodon.org/categories/trunk-and-tidbits/) series). If you’ve been reading them every month, some of these changes may be familiar. You’ll see below that there are a lot of useful new additions that have arrived during this development cycle. |
| 24 | + |
| 25 | +Let's have a look at what's new here. |
| 26 | + |
| 27 | +## Client apps |
| 28 | + |
| 29 | +### Quote Posts |
| 30 | + |
| 31 | +Mastodon 4.4 included the ability to verify and display consent-respecting quote posts, as defined by a Fediverse Enhancement Proposal that we shared: [FEP-044f](https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md). |
| 32 | + |
| 33 | +We previously introduced two new API entities to represent quotes, [Quote](https://docs.joinmastodon.org/entities/Quote/) and [ShallowQuote](https://docs.joinmastodon.org/entities/ShallowQuote/). Mastodon 4.5 improves these by adding new states: `blocked_account`, `blocked_domain`, and `muted_account`. These are cases where the quote is authorized, but should not be displayed by default to the user currently viewing the post. Mastodon 4.4 returned a state of `unauthorized` in those cases, but we decided that applications should be able to offer a way to see the quoted posts anyway. See the documentation of the entities above, and [this PR](https://github.com/mastodon/mastodon/pull/36619). |
| 34 | + |
| 35 | +The biggest change compared to 4.4 is of course that we now allow authoring of quote posts! In the REST API this can be as simple as adding a `quoted_status_id` attribute when creating a new status. As a minimum however, clients should make sure that quoting the status in question is allowed. To help you get acquainted with all of the relevant changes to the API, we added an ["Implementing quote posts" guide](https://docs.joinmastodon.org/client/quotes/) to the developer documentation. |
| 36 | + |
| 37 | +### Fetch all replies, and AsyncRefresh |
| 38 | + |
| 39 | +Mastodon 4.4 introduced a new feature to fetch missing replies to a remote status. This was not enabled by default, and had no immediate effect in any user interfaces. Mastodon 4.5 enables the feature by default, and also includes some user-facing changes in the web UI that support it. |
| 40 | + |
| 41 | +The challenge here is that finding out *whether replies are missing*, and the actual *fetching of missing replies*, both happen in asynchronous background jobs; tasks that are independent of the client's API request. We face this problem in a number of places across the Mastodon code base, so we wanted to come up with a generic solution. |
| 42 | + |
| 43 | +To support the pattern, we added a new API called [AsyncRefresh](https://docs.joinmastodon.org/methods/async_refreshes/). When an endpoint has an associated background refresh job, its response may include the `Mastodon-Async-Refresh` HTTP header to indicate that there are additional tasks being performed. Clients can then poll the AsyncRefresh endpoint to check the status of the job, and decide when to re-request the original resource. This is covered in the new documentation linked above. |
| 44 | + |
| 45 | +We decided to make "Fetch all replies" the first use-case to try out this new API. When querying the [`/api/v1/statuses/:id/context` endpoint](https://docs.joinmastodon.org/methods/statuses/#context) you might now encounter the new custom HTTP header. |
| 46 | + |
| 47 | +Please note that the new AsyncRefresh API is still marked as being *experimental*. We want to ensure that it works for at least one other use-case before declaring it final. We commit to keeping the experimental endpoint around for one Mastodon version after releasing the final endpoint, to help ease the transition. |
| 48 | + |
| 49 | +## Fediverse ecosystem |
| 50 | + |
| 51 | +Mastodon is part of a much larger constellation - the Fediverse, powered by ActivityPub and related open standards. We want to contribute to the whole system, and integrate well with other apps and services in the Fediverse. |
| 52 | + |
| 53 | +### Quote Posts |
| 54 | + |
| 55 | +We released the specification for consent-respecting quote posts (aka [FEP-044f](https://codeberg.org/fediverse/fep/src/branch/main/fep/044f/fep-044f.md)) a little while ago now. At this point, there is a fully featured implementation in Mastodon. This means it could be a good time to implement the FEP in other Fediverse software. |
| 56 | + |
| 57 | +The FEP itself allows some leeway for implementation - for example, when defining the audience in quote policies. If you are interested in the choices that Mastodon made in those cases, the content of the FEP itself has been updated with additional clarifications. You may also want to have a look at our ["Implementing quote posts" guide](https://docs.joinmastodon.org/client/quotes/) to get a more complete picture how this works inside of Mastodon, even if you are not planning on using our APIs. |
| 58 | + |
| 59 | +### HTTP Signatures |
| 60 | + |
| 61 | +Mastodon 4.4 added experimental support for receiving HTTP Message Signatures ([RFC9421](https://www.rfc-editor.org/rfc/rfc9421)) behind a feature flag. |
| 62 | + |
| 63 | +The feature flag has been *removed* in Mastodon 4.5. Servers running Mastodon 4.5+ will accept incoming HTTP Message Signatures that can be verified. See [our documentation](https://docs.joinmastodon.org/spec/security/#http-message-signatures) for additional details. |
| 64 | + |
| 65 | +## Keep on building with us! |
| 66 | + |
| 67 | +It means a lot to us that developers want to spend their time working on apps for the Mastodon community, and the broader Fediverse as a whole. Thank you. |
| 68 | + |
| 69 | +Finally, this is blog post is only a summary of the developer-centric features in the new release. We encourage you to have a dig into the [changelog for 4.5](https://github.com/mastodon/mastodon/releases/tag/v4.5.0-rc.1) for full details of all the updates. |
0 commit comments