How to Auto-Hide & Moderate Comments via API (Instagram, Facebook, Threads)
Build automatic comment moderation — hide spam and abuse, unhide false positives, delete when needed — with one comment moderation API across Instagram, Facebook, and Threads.
Hide, delete, or leave it
Three moderation outcomes, different semantics:
- Hide — the comment disappears for the public but stays visible to its author (and in your API listings with
is_hidden: true). The spammer doesn’t know they’re filtered, so they don’t adapt. This is the right default. - Delete — gone for everyone, permanently. Reserve for content you’re not allowed to host (and note Threads doesn’t support delete).
- Leave + reply — borderline cases often deserve a public answer instead of removal.
The moderation pipeline
New comments fire a comment.created webhook; your classifier decides; one POST hides:
app.post("/webhooks/postproxy", async (req, res) => { res.sendStatus(200);
const event = req.body; if (event.type !== "comment.created") return;
const c = event.data.object; const verdict = classify(c.body); // blocklist, regex, or LLM call
if (verdict === "spam") { await fetch( `https://api.postproxy.dev/api/posts/${c.post_id}/comments/${c.id}/hide?profile_id=${PROFILE_ID}`, { method: "POST", headers: { Authorization: `Bearer ${process.env.POSTPROXY_API_KEY}` }, } ); }});Hide is asynchronous and returns { "accepted": true }; the comment’s is_hidden flips once the platform confirms.
A blocklist plus two regexes (URLs from non-followers, repeated emoji walls) catches the bulk of spam. For nuance — sarcasm, coded harassment, borderline self-promo — pipe c.body through an LLM with a yes/no rubric; comment moderation is one of the few places where model latency doesn’t matter, since hiding 30 seconds late is still effectively instant.
Signals beyond the text
Each comment’s metadata carries author context fetched from the platform:
| Signal | Use |
|---|---|
follower_count | Zero-follower accounts posting links → almost always spam |
is_verified_user | Verified authors → never auto-hide, route to human |
is_user_follow_business | Followers earn more benefit of the doubt |
Combining text verdict with author signals cuts false positives dramatically — “link in bio” from a 10k-follower customer is not the same comment as from a day-old account.
Undo: unhide and audit
False positives are recoverable:
curl -X POST "https://api.postproxy.dev/api/posts/POST_ID/comments/COMMENT_ID/unhide?profile_id=PROFILE_ID" \ -H "Authorization: Bearer YOUR_API_KEY"For a review queue, list comments and filter on is_hidden — hidden comments stay in listings precisely so a human can audit the bot’s calls:
curl "https://api.postproxy.dev/api/posts/POST_ID/comments?profile_id=PROFILE_ID&per_page=50" \ -H "Authorization: Bearer YOUR_API_KEY"Per-platform moderation support
| Action | Threads | ||
|---|---|---|---|
| Hide / Unhide | Yes | Yes | Yes |
| Delete | Yes | Yes | No |
| Like (boost positives) | No | Yes | No |
Same endpoints everywhere; unsupported actions return 405, so one handler covers all three platforms with a fall-through.
Escalation path for the worst cases: hide first, then delete where supported. Full endpoint reference: Comments API.
