Instagram Auto-Posting — Developer Handoff

Everything a developer needs to finish connecting Instagram to the ICONIC client platform.
Last updated: 4 April 2026

Overall Status: 95% built. Code is complete — OAuth flow, posting API, admin dashboard, client dashboard, content generation. The blocker is configuration: Meta App credentials need to be set up (requires a human with a Facebook account to create the developer app), then a scheduled posting cron needs to be added. No new code is needed for basic posting to work.

1. The Full Client Journey (End to End)

SALE Scott closes a client on a video call ↓ Scott tags contact iconic-contract-signed in GHL (GoHighLevel CRM) ↓ AUTO-SMS (5-min cron in serve_reports.js) Detects the tag → sends registration SMS with link → tags iconic-reg-link-sent ↓ REGISTER /iconic/register.html?email=X&name=X&tier=entry&icn=ICN-XXXXXX Client opens link → sets password → POST /api/iconic/register → Saves to Supabase + iconic_clients.json → Updates GHL (name, custom fields, pipeline opportunity) → Auto-login → redirect to dashboard ↓ DASHBOARD /iconic/dashboard.html Client sees: photos, stats, plan info, upload prompt, Instagram section ↓ CONNECT INSTAGRAM Client clicks "Connect Instagram Account" → Goes to /iconic/instagram_onboarding.html (setup guide) → Steps 1-3: Business account + Facebook Page + link them (client does on phone) → Steps 4-6: Meta Developer App + credentials + token (admin does once) → Step 7: Click "Connect" → auto-setup exchanges token → saves config ↓ AUTO-POSTING (after connected) System posts AI photos to client's Instagram automatically Admin monitors via /iconic/instagram_admin.html

2. What's Built vs What's Missing

Component	File	Status	Notes
Graph API wrapper	`Iconic/instagram_post.js`	DONE	Single + carousel posting, container polling, caption gen. 455 lines.
OAuth + client management	`Iconic/instagram_manager.js`	DONE	Token exchange, per-client tokens, queue, health checks. 597 lines.
14 API endpoints	`serve_reports.js`	DONE	OAuth flow, posting, admin CRUD, config, health. See Section 4.
Onboarding guide	`Iconic/instagram_onboarding.html`	DONE	7-step click-by-click setup with auto-connect button.
Client dashboard IG section	`Iconic/dashboard.html`	DONE	Connected/not-connected states, disconnect button.
Admin dashboard	`Iconic/instagram_admin.html`	PARTIAL	UI built. JS needs wiring to admin endpoints.
Content generation	`Iconic/generate_social.js`	DONE	60+ styles (feed/stories/reels), male + female.
Client setup guide	`Iconic/instagram_client_setup.html`	DONE	"I have IG" vs "I need IG" paths.
Meta App credentials	`ig_app_config.json`	EMPTY	BLOCKER. Needs human to create Meta Developer App.
Scheduled posting cron	`serve_reports.js`	TODO	processScheduledPosts() exists but nothing calls it.
Admin endpoint auth	`serve_reports.js`	TODO	All /api/instagram/admin/* endpoints are unprotected.

3. Key Files

File	Purpose	Lines
`Iconic/instagram_post.js`	Low-level Graph API v22.0 wrapper. Single image + carousel posting. Container creation → polling → publishing. Exported: graphRequest, createMediaContainer, publishMedia, createCarousel, postWithToken, postCarouselWithToken, verifyAccount, makeConfig, generateCaption	455
`Iconic/instagram_manager.js`	Per-client OAuth, token storage, posting queue, health checks. Exported: getOAuthUrl, handleCallback, saveClientInstagram, disconnectClient, postToClient, postCarouselToClient, queuePost, processScheduledPosts, checkTokenHealth, checkAllTokenHealth, getAllClientsInstagramStatus, updateClientSettings, getPostingHistory, loadAppConfig, saveAppConfig	597
`serve_reports.js`	Main server. All 14 Instagram API endpoints live here. Also has the auto-setup endpoint and checkInstagramStatus function.	7374
`ig_app_config.json`	Meta App ID + Secret storage. Currently EMPTY. Auto-setup endpoint also saves access token and IG account ID here.	4
`iconic_clients.json`	Client database. Each client gets an `.instagram` object added after OAuth with: connected, username, igAccountId, pageId, accessToken, status, postCount, autoPost, postsPerWeek	~53
`Iconic/instagram_onboarding.html`	7-step setup guide. Steps 1-3 (phone), Steps 4-6 (Meta developer portal), Step 7 (auto-connect button calls /api/instagram/auto-setup).	~500
`Iconic/instagram_admin.html`	Admin dashboard: client list, config form, posting history, token health check. UI built, JS partially wired.	~150
`Iconic/generate_social.js`	60+ Instagram content styles (feed 1:1, stories 9:16, reels 9:16). Male + female variants. Uses OHWX LoRA trigger word.	~150

4. All API Endpoints

Method	Path	Auth	What It Does
GET	`/api/instagram/status`	None	Check if central @iconicbyai account is configured. Checks process.env → ig_app_config.json → Windows env vars.
GET	`/api/instagram/connect`	Session cookie	Redirects client to Meta OAuth. Encodes email in state param. Requires Meta App ID to be saved.
GET	`/api/instagram/callback`	Public (Meta redirect)	Handles OAuth callback. Exchanges code → short-lived → long-lived token. Finds IG account. Saves to iconic_clients.json. Redirects to dashboard.
GET	`/api/instagram/client-status`	Session cookie	Returns logged-in client's IG status: connected, username, postCount, autoPost, followers.
POST	`/api/instagram/disconnect`	Session cookie	Clears client's IG tokens and sets status to disconnected.
POST	`/api/instagram/post-now`	None	Immediately posts a photo to a client's IG. Body: {email, photoFile, caption}.
POST	`/api/instagram/auto-setup`	None	One-click setup: takes shortLivedToken, exchanges for long-lived, finds IG account, saves everything to ig_app_config.json + process.env.
GET	`/api/instagram/admin/clients`	None	List all clients with their IG connection status.
POST	`/api/instagram/admin/settings`	None	Update client's autoPost and postsPerWeek. Body: {email, autoPost, postsPerWeek}.
GET	`/api/instagram/admin/history`	None	Get last 50 posts across all clients.
GET	`/api/instagram/admin/config`	None	Get Meta App ID (no secret exposed).
POST	`/api/instagram/admin/config`	None	Save Meta App ID + Secret. Body: {appId, appSecret}.
POST	`/api/instagram/admin/queue`	None	Queue a photo for scheduled posting. Body: {email, photoFile, caption, scheduledFor}.
POST	`/api/instagram/admin/check-health`	None	Check token health for all connected clients.

5. What Needs to Be Done (In Order)

Phase 1: Unblock the Configuration (Human Required)

A human with a Facebook account needs to do these steps. The onboarding guide at /iconic/instagram_onboarding.html walks through this click-by-click:

Switch the @iconicbyai Instagram account to a Business account (Instagram app → Settings → Account type → Business)
Create a Facebook Page (facebook.com → Pages → Create, or Facebook app → Menu → Pages → Create)
Link the Instagram account to that Facebook Page (Instagram → Edit Profile → Page → select the page)
Create a Meta Developer App at developers.facebook.com (type: Business, add Instagram product)
Copy the App ID and App Secret from the app's Settings → Basic page
Generate an access token via the Graph API Explorer with 4 permissions: instagram_basic, instagram_content_publish, pages_show_list, pages_read_engagement
Paste the App ID, App Secret, and token into the onboarding page → click "Connect" → auto-setup does the rest

After Step 7, ig_app_config.json will be populated and all OAuth flows will work. No code changes needed.

Phase 2: Add Scheduled Posting Cron (Developer — 5 min)

The function processScheduledPosts() in instagram_manager.js already processes queued posts. It just needs to be called on a schedule.

Add this to serve_reports.js near the existing cron jobs (search for cron.schedule):

// Instagram scheduled posting — every 30 minutes
cron.schedule('*/30 * * * *', async () => {
  try {
    const igm = getIgManager();
    const count = await igm.processScheduledPosts();
    if (count > 0) console.log(`[IG Scheduler] Posted ${count} scheduled items`);
  } catch (e) {
    console.error('[IG Scheduler] Error:', e.message);
  }
}, { timezone: 'America/Chicago' });

Phase 3: Secure Admin Endpoints (Developer — 30 min)

All /api/instagram/admin/* endpoints currently have no auth. Add a check for an admin session or API key before each one. Pattern:

// Add at the top of each admin endpoint:
const adminEmails = ['[email protected]']; // or check a role
const sessionToken = parseCookies(req).iconic_session;
const email = getEmailFromSession(sessionToken);
if (!email || !adminEmails.includes(email)) {
  res.writeHead(401, { 'Content-Type': 'application/json' });
  return res.end(JSON.stringify({ ok: false, error: 'Admin access required' }));
}

Phase 4: Wire Up Admin Dashboard (Developer — 1-2 hours)

Iconic/instagram_admin.html has the UI built but needs its JavaScript completed to call the admin API endpoints (fetch clients, save config, check health, view history, queue posts).

Phase 5: Token Refresh Notification (Developer — 30 min)

Long-lived page tokens don't expire, but user tokens last 60 days. If a client's token dies:

checkTokenHealth() already detects this and sets status: 'token_expired'
Need to: show a "Reconnect Instagram" prompt on the client dashboard when status is expired
Optional: send an email notification

6. Per-Client Data Structure

After a client connects Instagram, their record in iconic_clients.json gets an .instagram field:

{
  "[email protected]": {
    "name": "Neil Spence",
    "tier": "entry",
    "plan": "entry",
    "password": "...",
    "instagram": {
      "connected": true,
      "username": "iconicbyai",
      "igAccountId": "17841400000000",
      "pageId": "123456789",
      "accessToken": "EAA...long_page_token...",
      "connectedAt": "2026-04-04T12:00:00.000Z",
      "lastPostAt": null,
      "postCount": 0,
      "autoPost": false,
      "postsPerWeek": 3,
      "status": "active",
      "followers": 150,
      "profilePic": "https://..."
    }
  }
}

7. Posting Flow (How a Photo Gets to Instagram)

1. TRIGGER Admin calls POST /api/instagram/post-now Body: { email: "[email protected]", photoFile: "1_Profile.jpg", caption: "Your new look" } ↓ 2. LOOKUP Server finds client in iconic_clients.json Gets: accessToken, igAccountId from client.instagram Gets: sessionId from client record → builds image URL Image URL: https://reports.iconicbyai.com/api/uploads/{sessionId}/generated/{photoFile} ↓ 3. CREATE CONTAINER POST to Graph API: /{igAccountId}/media Body: { image_url, caption, access_token } Returns: containerId ↓ 4. WAIT FOR PROCESSING Poll GET /{containerId}?fields=status_code every 2 seconds Wait until status_code = "FINISHED" (max 60 seconds) ↓ 5. PUBLISH POST to Graph API: /{igAccountId}/media_publish Body: { creation_id: containerId, access_token } Returns: mediaId (the live Instagram post ID) ↓ 6. UPDATE RECORDS client.instagram.postCount++ client.instagram.lastPostAt = now Save to iconic_clients.json

8. Live URLs

Page	URL	Who Sees It
Setup Guide	reports.iconicbyai.com/iconic/instagram_onboarding.html	Admin (one-time setup)
Client Dashboard	reports.iconicbyai.com/iconic/dashboard.html	Clients (has IG section)
Client Setup	reports.iconicbyai.com/iconic/instagram_client_setup.html	Clients (OAuth guide)
Admin Dashboard	reports.iconicbyai.com/iconic/instagram_admin.html	Admin only
Admin Hub	reports.iconicbyai.com/iconic/hub	Admin only
Instagram Preview	reports.iconicbyai.com/iconic/instagram_preview.html	Clients

9. Environment & Tech Stack

Runtime: Node.js v24.13.1
Server: Raw Node HTTP (serve_reports.js, port 3100)
Hosting: Render (auto-deploys on git push to master)
Domain: reports.iconicbyai.com (Cloudflare tunnel)
GitHub: NeilTheAussie/Studio1-Automation
Client DB: iconic_clients.json + Supabase (jeneuarajdhwlqvmaqhj.supabase.co)
Graph API: v22.0 via raw HTTPS (no SDK)
OAuth scopes: instagram_basic, instagram_content_publish, pages_show_list, pages_read_engagement
No npm dependencies — all Instagram code uses built-in Node https + fs modules

10. Testing Checklist

OAuth Flow

Client at dashboard → clicks "Connect Instagram Account"
Redirected to onboarding guide (or client setup page)
After Meta App is configured: /api/instagram/connect redirects to Facebook
User grants permissions → redirected back to dashboard
Dashboard shows "Connected as @username"
Token saved in iconic_clients.json

Single Image Posting

POST /api/instagram/post-now with {email, photoFile, caption}
Photo appears on client's Instagram feed within 2 minutes
postCount incremented in iconic_clients.json
lastPostAt updated

Scheduled Posting (after cron is added)

Queue post via /api/instagram/admin/queue with future scheduledFor
Post does NOT appear before scheduled time
After time passes + cron fires → post appears
Status in _schedule.json changes from "pending" to "posted"

Token Health

POST /api/instagram/admin/check-health returns status for all clients
Healthy tokens show {healthy: true}
Expired tokens show {healthy: false, reason: "token_invalid"}