IAV-841/feat(integrations): Meta credential validation for Facebook Messenger and Instagram
Summary
Adds real-time credential validation for Meta platforms (Facebook Messenger & Instagram). This includes token validation, permission analysis, webhook subscription verification, and page/account discovery via the Meta Graph API.
Motivation
Meta platforms require a more complex validation flow than other integrations:
- Tokens have types (User vs Page) and can expire
- Permissions must be checked individually against the Graph API
- Webhooks must be properly subscribed with the correct callback URL and fields
This MR ensures users get full visibility into their Meta integration health before creating workflows.
Changes
New Services
- MetaGraphApiService: Comprehensive Meta Graph API client handling token debug, permissions, page listing, Instagram account discovery, and webhook verification
New Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/customer-care/integrations/meta/messenger/validate-token | Full Messenger validation (token + permissions + webhook) |
| POST | /api/customer-care/integrations/meta/instagram/validate-token | Full Instagram validation (token + permissions + webhook) |
| GET | /api/customer-care/integrations/meta/token/debug | Debug token info |
| GET | /api/customer-care/integrations/meta/token/permissions | Get granted permissions |
| GET | /api/customer-care/integrations/meta/facebook/pages | List user's Facebook pages |
| GET | /api/customer-care/integrations/meta/facebook/pages/{pageId} | Get page details |
| GET | /api/customer-care/integrations/meta/instagram/account | Find linked Instagram account |
| GET | /api/customer-care/integrations/meta/instagram/accounts/{accountId} | Get Instagram account details |
Validation Flow
- Token debug — call `/debug_token` to verify validity, type, and expiry
- Permission check — call `/me/permissions` and compare against required list
- Webhook verification — call `/{page}/subscribed_apps` to ensure correct callback URL, active status, and required subscription fields
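
The three checks above as an offline evaluator, written as an added example and not code from this MR: it maps already-fetched Graph API responses to the error-code names listed under Error Codes and stops at the first failure. The required permission and field lists, the callback URL, the expected `PAGE` token type and the normalized `subscription` dict are assumptions.

```python
import time

# Assumed requirements for a Messenger integration (not taken from the MR).
REQUIRED_PERMISSIONS = {"pages_messaging", "pages_manage_metadata"}
REQUIRED_FIELDS = {"messages", "messaging_postbacks"}
EXPECTED_CALLBACK = "https://hooks.example.test/meta/messenger"  # placeholder URL


def validate(debug, permissions, subscription, now=None, expected_type="PAGE"):
    """Return the first failing error-code name, or None when all checks pass.

    debug        -- the "data" object of a /debug_token response
    permissions  -- the "data" list of a /me/permissions response
    subscription -- assumed normalized dict {callback_url, active, fields}, or None
    """
    now = time.time() if now is None else now

    # 1. Token debug. is_valid is authoritative; expiry is checked first only
    #    so an expired token gets the more specific code. 0 means "no expiry".
    expires_at = debug.get("expires_at", 0)
    if expires_at and expires_at <= now:
        return "META_TOKEN_EXPIRED"
    if debug.get("is_valid") is not True:  # a missing flag fails closed
        return "META_INVALID_TOKEN"
    if debug.get("type") != expected_type:
        return "META_INVALID_TOKEN_TYPE"

    # 2. Permission check: only entries with status "granted" count.
    granted = {p.get("permission") for p in permissions if p.get("status") == "granted"}
    if not REQUIRED_PERMISSIONS <= granted:
        return "META_INSUFFICIENT_PERMISSIONS"

    # 3. Webhook verification: present, active, exact URL match, all fields.
    if not subscription:
        return "META_WEBHOOK_NOT_CONFIGURED"
    if not subscription.get("active"):
        return "META_WEBHOOK_INACTIVE"
    if subscription.get("callback_url") != EXPECTED_CALLBACK:
        return "META_WEBHOOK_URL_MISMATCH"
    if not REQUIRED_FIELDS <= set(subscription.get("fields", [])):
        return "META_WEBHOOK_MISSING_FIELDS"
    return None


# Constructed sample responses (not captured from a real account).
NOW = 1_700_000_000
DEBUG_OK = {"is_valid": True, "type": "PAGE", "expires_at": NOW + 3600}
PERMS_OK = [{"permission": "pages_messaging", "status": "granted"},
            {"permission": "pages_manage_metadata", "status": "granted"}]
HOOK_OK = {"callback_url": EXPECTED_CALLBACK, "active": True,
           "fields": ["messages", "messaging_postbacks", "message_reads"]}
```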
Configuration
- MetaWebhookConfig: Webhook callback URLs, object types, and required fields for Messenger and Instagram
DTOs
- `MetaTokenValidationResult`: Comprehensive result with token info, permissions, and webhook status
- `MetaDebugTokenResponse`: Token introspection data
- `MetaPermissionResponse`: Granted/declined permissions
- `MetaPageResponse`, `MetaPageListResponse`: Facebook Page data
- `MetaInstagramAccountResponse`: Instagram Business Account data
- `MetaWebhookSubscriptionResponse`, `MetaAppSubscriptionsResponse`: Webhook subscription data
Error Codes (BusinessErrorCode 720–737)
- `META_API_ERROR` (720) — Generic Meta API error
- `META_AUTHENTICATION_FAILED` (721) — Auth failure
- `META_INVALID_TOKEN` (722) — Invalid token
- `META_PERMISSION_DENIED` (723) — Permission denied
- `META_PAGE_NOT_FOUND` (724) — Page not found
- `META_INSTAGRAM_NOT_LINKED` (725) — Instagram not linked
- `META_WEBHOOK_NOT_CONFIGURED` (726) — Webhook missing
- `META_WEBHOOK_INACTIVE` (727) — Webhook inactive
- `META_WEBHOOK_URL_MISMATCH` (728) — URL mismatch
- `META_INVALID_TOKEN_TYPE` (729) — Wrong token type
- `META_WEBHOOK_URL_INVALID` (730) — Invalid webhook URL
- `META_TOKEN_EXPIRED` (731) — Expired token
- `META_ACCOUNT_NOT_FOUND` (732) — Account not found
- `META_INSUFFICIENT_PERMISSIONS` (733) — Insufficient perms
- `META_RATE_LIMIT_EXCEEDED` (734) — Rate limited
- `META_NETWORK_ERROR` (735) — Network error
- `META_WEBHOOK_MISSING_FIELDS` (736) — Missing webhook fields
- `META_RESOURCE_NOT_FOUND` (737) — Resource not found
Testing
- Unit tests for MetaGraphApiService
- Integration tests with mocked Graph API
- Manual testing with real Meta tokens (staging)
- Verify webhook validation with live callback URLs
## Related Issues
Closes IAV-841