Account Management

Manage your connected social media accounts through the dashboard and API.

Overview

Account management endpoints allow you to:

List all connected accounts
View account details
Disconnect (soft delete) accounts
Validate token status

Note: These endpoints require dashboard authentication (session cookie), not an API key.

List Accounts

Get all social media accounts connected to your account.

Endpoint

GET /api/accounts

Authentication

Requires session authentication (sign in to dashboard).

Response

{
  "accounts": [
    {
      "account_id": "uuid-string",
      "social_channel_type": "facebook",
      "page_name": "My Facebook Page",
      "page_id": "123456789",
      "is_valid": true,
      "expires_at": null,
      "data_access_expires_at": "2026-01-05T10:30:00Z",
      "created_at": "2025-01-01T10:00:00Z",
      "updated_at": "2025-01-20T15:30:00Z"
    },
    {
      "account_id": "uuid-string",
      "social_channel_type": "instagram",
      "ig_username": "myusername",
      "ig_account_id": "987654321",
      "account_type": "BUSINESS",
      "is_valid": true,
      "expires_at": "2025-03-20T10:30:00Z",
      "created_at": "2025-01-15T12:00:00Z",
      "updated_at": "2025-01-15T12:00:00Z"
    },
    {
      "account_id": "uuid-string",
      "social_channel_type": "threads",
      "threads_username": "myusername",
      "threads_id": "123456789",
      "threads_profile_picture": "https://...",
      "is_valid": true,
      "expires_at": "2025-03-15T10:30:00Z",
      "created_at": "2025-01-10T14:00:00Z",
      "updated_at": "2025-01-10T14:00:00Z"
    }
  ]
}

Field Descriptions

Common fields:

account_id - Unique account identifier (use this in publishing API)
social_channel_type - Platform: "facebook", "instagram", or "threads"
is_valid - Whether the token is still valid
expires_at - Token expiration (null for Facebook, date for Instagram/Threads)
created_at - When account was connected
updated_at - Last update timestamp

Facebook-specific:

page_name - Facebook Page name
page_id - Facebook Page ID
data_access_expires_at - Data access expiration (90 days)

Instagram-specific:

ig_username - Instagram username
ig_account_id - Instagram User ID
account_type - BUSINESS, CREATOR, or MEDIA_CREATOR

Threads-specific:

threads_username - Threads username
threads_id - Threads User ID
threads_profile_picture - Profile picture URL

Disconnect Account

Soft delete an account (sets disabled: true in database).

Endpoint

DELETE /api/accounts/{account_id}

Authentication

Requires JWT authentication (dashboard session).

Parameters

account_id - The account ID to disconnect (in URL path)

Request

DELETE /api/accounts/a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6 HTTP/1.1
Host: boring.aiagent-me.com
Cookie: session=...

Success Response

{
  "success": true,
  "message": "Account disconnected successfully"
}

Error Response

{
  "success": false,
  "error": "AccountNotFound",
  "message": "Account not found or does not belong to this user"
}

Notes

The account is soft deleted (marked as disabled, not physically removed)
The account will no longer appear in your accounts list
Historical data is preserved
You can reconnect the same account later (creates a new account_id)

Validate Token

Check if a token is still valid.

Endpoint

POST /api/token/info

Authentication

Requires session authentication.

Request Body

{
  "account_id": "uuid-string"
}

Response

{
  "success": true,
  "data": {
    "is_valid": true,
    "expires_at": "2025-03-20T10:30:00Z",
    "days_until_expiry": 45,
    "platform": "instagram",
    "account_name": "myusername"
  }
}

Use Cases

Check if re-authentication is needed
Monitor token expiration
Validate before bulk publishing operations

Account ID

The account_id is the key identifier for publishing.

Getting Account IDs

Via Dashboard:

Sign in to Boring Dashboard
View your connected accounts
Click "Copy ID" button next to each account
Save the ID for use in API requests

Via API:

// Get all account IDs
const response = await fetch('https://boring.aiagent-me.com/api/accounts', {
  credentials: 'include'  // Include session cookie
});

const data = await response.json();
const accountIds = data.accounts.map(acc => ({
  id: acc.account_id,
  platform: acc.social_channel_type,
  name: acc.page_name || acc.ig_username || acc.threads_username
}));

Storing Account IDs

Best practices:

Store in environment variables
Use configuration files (not in version control)
Map friendly names to IDs

Example:

# .env file
FACEBOOK_MAIN_PAGE_ID=a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6
INSTAGRAM_BUSINESS_ID=b2c3d4e5-f6g7-h8i9-j0k1-l2m3n4o5p6q7
THREADS_PERSONAL_ID=c3d4e5f6-g7h8-i9j0-k1l2-m3n4o5p6q7r8

Token Expiration

Different platforms have different token lifespans:

Platform	Expiration	Auto-Refresh	Action Required
Facebook	Never	N/A	Re-auth every 90 days for data access
Instagram	60 days	No	Manual reconnection before expiry
Threads	60 days	Yes (5 days before)	Usually none

Handling Expiration

Check expiration regularly:

def check_token_expiration(account_id):
    """Check days until token expires"""
    response = requests.post(
        "https://boring.aiagent-me.com/api/token/info",
        json={"account_id": account_id},
        cookies=session_cookies
    )

    data = response.json()
    if data["success"]:
        days_left = data["data"]["days_until_expiry"]
        if days_left and days_left < 7:
            notify_admin(f"Token expiring in {days_left} days!")

Monitor and alert:

Set up daily checks
Alert when < 7 days remaining
Provide re-connection link in notification

Account Limits

Platform Limits

Facebook:

No limit on number of connected pages
Each page is a separate account

Instagram:

No limit on number of business accounts
Each business account is separate

Threads:

No limit on number of accounts
Each Threads account is separate

Boring Limits

Currently there are no limits on:

Number of accounts per user
Number of platforms
Switching between accounts

Multiple Account Management

Organizing Accounts

Group by purpose:

ACCOUNTS = {
    "production": {
        "facebook": "prod-fb-account-id",
        "instagram": "prod-ig-account-id",
        "threads": "prod-threads-account-id"
    },
    "testing": {
        "facebook": "test-fb-account-id",
        "instagram": "test-ig-account-id",
        "threads": "test-threads-account-id"
    },
    "clients": {
        "client_a_facebook": "client-a-fb-id",
        "client_b_instagram": "client-b-ig-id"
    }
}

Bulk Operations

Check all accounts:

def check_all_accounts():
    """Get status of all connected accounts"""
    response = requests.get(
        "https://boring.aiagent-me.com/api/accounts",
        cookies=session_cookies
    )

    accounts = response.json()["accounts"]

    for account in accounts:
        print(f"{account['social_channel_type']}: {account['page_name']} - Valid: {account['is_valid']}")

Troubleshooting

Account Not Found

Error:

{
  "success": false,
  "error": "AccountNotFound"
}

Possible causes:

Account ID is incorrect
Account was disconnected
Account belongs to different user

Solution:

Copy ID again from dashboard
Reconnect account if needed
Verify you're using correct Google account

Token Invalid

Error when publishing:

{
  "success": false,
  "error": "InvalidToken",
  "message": "Token expired or revoked"
}

Solution:

Go to dashboard
Disconnect the account
Reconnect the account
Update your stored account ID

Permissions Changed

If you revoked permissions in Facebook/Instagram/Threads:

The token becomes invalid
Publishing will fail
You must reconnect the account

Best Practices

Store account IDs securely - Use environment variables
Monitor expiration - Set up alerts for expiring tokens
Label accounts clearly - Use descriptive names in dashboard
Test accounts - Keep separate test accounts
Document mappings - Keep a record of which ID is which account
Regular audits - Review connected accounts monthly
Revoke when done - Disconnect unused accounts

Security

Access Control

Accounts are tied to your Google account email
Only you can see/manage your accounts
API keys are separate from account access

Revoking Access

To fully revoke access:

In Boring: Disconnect account
In Facebook/Instagram/Threads: Remove Boring app from authorized apps
Delete API keys: Remove from Settings page

Data Retention

When you disconnect an account:

Account data is soft deleted (disabled flag)
Historical publishing data is retained
Tokens are kept for audit purposes
Actual data not deleted from database

For complete data deletion, contact support.

Next Steps

Publishing API - Use account IDs to publish
Errors - Troubleshoot account errors
Getting Started - Connect accounts