Messenger guide

Learn how to implement a custom Messenger authentication flow inside your application using the postpress API.

Step 1: Authenticate to Messenger

POST to the accounts endpoint with the user's credentials, or call the matching SDK method.

curl --request POST \
     --url https://api.postpress.ai/v1/accounts \
     --header 'X-API-KEY: ${POSTPRESS_API_KEY}' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
  "provider": "MESSENGER",
  "username": "your_username",
  "password": "********"
}'

Step 2: Handle the 2FA checkpoint

If the Messenger account has two-factor authentication enabled, the API returns a checkpoint with a 202 status. Example response:

{
  "object": "Checkpoint",
  "account_id": "098dez89d",
  "checkpoint": {
    "type": "2FA"
  }
}

At this point a new authentication intent starts. The intent lasts 5 minutes and every checkpoint must be solved inside that window.

Step 3: Solve the 2FA checkpoint

POST the 2FA code to the solve-checkpoint endpoint or call the SDK, passing the account_id returned by the first request.

curl --request POST \
     --url https://api.postpress.ai/v1/accounts/checkpoint \
     --header 'X-API-KEY: ${POSTPRESS_API_KEY}' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
  "provider": "MESSENGER",
  "account_id": "098dez89d",
  "code": "******"
}'

If the user is connecting from inside your application, the 2FA flow can be confirmed in the Messenger app instead of by code. Send "in_app_validation" as the code and ask the user to approve the connection on their device.

The response indicates whether the account is successfully connected.

Step 4: Handle intent timeout

If the user takes more than 5 minutes to solve the checkpoint, the account will not be connected. Any later request against that intent first returns a 408 Request Timeout, then a 400 Bad Request as the authentication intent self-destructs.