This document describes the Flask API endpoints available in InstaLab.
Base URL: http://localhost:5000 (default)
- Health & Status
- Run Lifecycle
- Runs
- Jobs
- Targets
- Logins
- Insights
- Unfollow
- Monitor
- Summary
- Configuration
- Integrations
- Schedules
- Import
- Error Responses
Response:
{
"status": "ok",
"checks": {
"db": {"status": "ok"},
"files": {"status": "ok"},
"scheduler": {"status": "ok"}
}
}Includes extra checks (sessions, scraper, runs, unfollow).
Real‑time run status for active jobs only. Completed jobs are not listed here.
Response:
{
"state": "running",
"active_jobs": [
{
"job_id": "<job_id>",
"login_username": "login",
"target_username": "target",
"phase": "followers",
"followers_progress": 120,
"following_progress": 0,
"followers_total": 500,
"following_total": 300,
"elapsed_seconds": 42,
"eta_seconds": 180
}
],
"queued_jobs": [],
"active_logins": ["login"],
"queued_logins": [],
"unfollow": {"state": "idle"}
}- Add login (
/api/logins/add) or ensure existing login has password/session. - Start run (
/api/run). - If 2FA/challenge required, submit code via
/api/logins/challengeor includetwo_factor_code/challenge_codein the run request. - Poll
/api/run/<job_id>untildone=true. - Use
/api/jobs/latest?login_username=...for logs/trace tail. - View run history via
/api/runsand/api/run/<run_id>.
- Per‑login run lock: only one active run per login.
- Per‑target run lock: only one active run per target.
- If locked, API returns 429.
Queue a snapshot run.
Request:
{
"login_username": "login",
"target_username": "target",
"two_factor_code": "123456",
"challenge_code": "123456"
}Response:
{ "job_id": "<job_id>" }Poll job status.
Response (running):
{ "done": false, "meta": {"login_username": "login", "target_username": "target"} }Response (completed):
{
"done": true,
"meta": {"login_username": "login", "target_username": "target"},
"payload": {
"status": "success",
"started_at": "...",
"finished_at": "...",
"result": {
"run_id": 143,
"followers_count": 2,
"followees_count": 3,
"non_followbacks_count": 3,
"followers_fetch_seconds": 5,
"followees_fetch_seconds": 4
}
}
}List run history for a target.
Full run detail including follower/followee lists and deltas.
Cancel a running job.
Request:
{ "login_username": "login", "target_username": "target" }Delete a run (soft delete).
Restore a deleted run.
Returns progress/result plus log tails.
Returns the latest job for a login (progress/result/log tails + trace tail).
Response keys:
progress– current phase/countresult– final success/error payload if finishedworker_out_tail/worker_err_tailtrace_tail– private API request/response trace (JSONL tail)
List targets with latest run timestamps.
Aggregate summary per target (latest run + deltas + week aggregates).
Latest run per target plus overall latest run.
List available logins (masked fields only).
Fields include:
login_usernamehas_password,has_totp_seedprivate_session_exists,private_session_mtimelast_login_at,last_error
Add or update a login.
Request:
{
"login_username": "login",
"login_password": "password",
"totp_seed": "BASE32"
}Clear cached session for a login.
Delete a login.
Store an SMS/email challenge code for the next run. Codes are consumed once and expire after ~2 minutes.
Store a forced‑reset password.
Generate a new TOTP seed (returns totp_seed).
Enable TOTP (returns backup codes if provided by Instagram).
Disable TOTP.
Generate a TOTP code from stored seed.
Returns active + churned follower/following insights for the time window.
Request:
{
"login_username": "login",
"max_actions": 25,
"dry_run": false,
"delay_min": 25,
"delay_max": 45
}Starts interactive login for unfollow flow (used only if required).
Status for automated count checks (per target + overall).
High‑level totals and performance stats.
Returns current config + defaults (masked for sensitive values).
Update config values. If proxy_enabled is true, host/port/user/pass are required.
Webhook verification endpoint for Meta WhatsApp Cloud API (hub.mode, hub.verify_token, hub.challenge).
Inbound webhook endpoint for WhatsApp messages. Supported text commands:
statusrun <login_username> <target_username>cancel <login_username> <target_username>help
Send a test WhatsApp message via Cloud API.
Request (optional):
{
"to": "+15551234567",
"message": "InstaLab test message"
}If to is omitted, the endpoint uses configured whatsapp_notify_to.
List schedules.
Create schedule with cron expression.
Update target or cron.
Bulk import follower/followee lists.
Request:
{
"target_username": "target",
"login_username": "login",
"followers": ["user1"],
"followees": ["user2"],
"timestamp": "2026-02-04_12-08-23"
}Response:
{ "ok": true, "run_id": 123, "changes": {"followers": {"added": [], "removed": []}} }400: {"error": "..."}
404: {"error": "not found"}
429: {"error": "another run is already in progress for this login"}
500: {"error": "..."}
For security best practices, see SECURITY.md.