Auto Insta Flow +
Endpoints:

Developer APIs

Integrate with the Auto Insta Flow automation engine, fetch public creator insights, scan reels and comments, and handle webhook alerts.

Authentication

All backend endpoints check authentication cookies verified via Google and Supabase sessions. For server-to-server calls or webhook events, validation relies on signing verification (such as Meta's Webhook Signature validation header).

Authorization Headers

Incoming webhooks require X-Hub-Signature-256 computed via your Instagram App Secret.

GET

GET /api/instagram/media

Fetch the most recent posts, reels, and active stories published by a connected Instagram account.

Request Parameters
accountIdstringrequired

The unique ID of the Instagram Account stored in the database.

Response Payload (200 OK)
{
  "success": true,
  "posts": [
    {
      "id": "1782201916489",
      "caption": "Check out our new automation builder! 🚀 comment SEND to get it.",
      "type": "reel",
      "mediaUrl": "https://video.cdninstagram.com/...",
      "permalink": "https://www.instagram.com/reel/...",
      "thumbnailUrl": "https://scontent.cdninstagram.com/...",
      "commentsCount": 142,
      "likeCount": 1205,
      "publishedAt": "2026-06-23T08:25:36Z"
    }
  ]
}
Request Example
curl -X GET "https://autoinstaflow.io/api/instagram/media?accountId=acc_12345"
GET

GET /api/instagram/comments

Fetch the list of comments for a specific Instagram post, reel, or active story.

Request Parameters
mediaIdstringrequired

The unique media ID from Meta Graph API.

accountIdstringrequired

The database ID of the connected Instagram account.

Response Payload (200 OK)
[
  {
    "id": "1802931726593817",
    "username": "john_doe",
    "text": "SEND me the link!",
    "timestamp": "2026-06-23T08:26:01Z"
  }
]
Request Example
curl -X GET "https://autoinstaflow.io/api/instagram/comments?mediaId=1782201916489&accountId=acc_123"
POST

POST /api/instagram/send-dm

Send a private DM reply directly linked to a specific comment ID.

Request Parameters
commentIdstringrequired

The comment ID to send the reply to.

textstringrequired

The message body/text to deliver.

accountIdstringoptional

Optional. The account ID to pull access tokens from database.

accessTokenstringoptional

Optional. Custom Meta user access token.

igIdstringoptional

Optional. Direct Instagram profile ID.

Response Payload (200 OK)
{
  "success": true,
  "data": {
    "recipient_id": "user_98765",
    "message_id": "m_12345abcd"
  }
}
Request Example
curl -X POST "https://autoinstaflow.io/api/instagram/send-dm" \
  -H "Content-Type: application/json" \
  -d '{"commentId": "1802931726593817", "text": "Here is your link: https://example.com", "accountId": "acc_123"}'
POST

POST /api/instagram/lookup

Query public Creator or Business accounts using Meta Business Discovery APIs.

Request Parameters
usernamestringrequired

The Instagram username (e.g. "@cristiano" or "cristiano") to fetch details for.

Response Payload (200 OK)
{
  "success": true,
  "isSimulated": false,
  "data": {
    "username": "creator_username",
    "name": "Jane Doe Creative",
    "profile_picture_url": "https://scontent.cdninstagram.com/...",
    "followers_count": 87400,
    "media_count": 342
  }
}
Request Example
curl -X POST "https://autoinstaflow.io/api/instagram/lookup" \
  -H "Content-Type: application/json" \
  -d '{"username": "cristiano"}'

Webhook Setup & Integration

Auto Insta Flow relies on Real-Time Graph API Webhooks to process events on Instagram instantly. Setup requires completing the challenge handshake, and validating the signature on incoming payloads.

1. Challenge Handshake (GET /api/webhooks/instagram)

Meta calls your webhook endpoint with verification query params. You must compare the token and return the challenge query parameter as plain text.

hub.mode: Must equal "subscribe"
hub.verify_token: Compare with INSTAGRAM_WEBHOOK_VERIFY_TOKEN
hub.challenge: Echo back in response body with 200 OK.
2. Event Receiver (POST /api/webhooks/instagram)

Meta sends JSON events (comments, stories, DMs) in real time. Validate payloads using the SHA256 signature in the x-hub-signature-256 header.

// Header: x-hub-signature-256 = sha256=abcdef12345...
{
  "entry": [
    {
      "id": "instagram_business_account_id",
      "time": 1782201916,
      "changes": [
        {
          "field": "comments",
          "value": {
            "id": "1802931726593817",
            "text": "GIVE ME THE EBOOK!",
            "from": {
              "id": "sender_user_id",
              "username": "john_doe"
            },
            "media": {
              "id": "1782201916489",
              "media_product_type": "REELS"
            }
          }
        }
      ]
    }
  ]
}