I'm developing of a community website that features about 500 user profiles. We now want to add the option to show the users' Instagram feed on their profile (with their consent). Going through the instagram API documentation some questions arose concerning the right approach about permissions and the review process.
Can anyone clarify if the following is a working approach and a valid use case regarding instagram's policy: Creating one client ID / access token for the website that is used to communicate serverside with the Instagram API, using the public_content permission to query the members' timeline. Server side caching would ensure that the rate limits are respected.
Since we need read-only access to public content only we would like to avoid managing authorization of every single member.
Thanks!
In the recent API changes Instagram removed the ability to use the client_id for requests and now an access_toek obtained by authorising and Instagram account is required for everything
You could make an account for your website, authorize it and use its access_token, but it will need to apply for the public_content permission and I don't thin Instagram will like this use case. Also with 500 accounts you may hit your Ali request limit.
The better option is to require uses to authorise their Instagram account if they want their recent posts on their profile and use their token to get their recent posts. This way you don't need the public_content permission
Related
I want to use Instagram's Graph API on my backend server to retrieve data about an Instagram post. On my frontend, users will submit a post URL (like https://www.instagram.com/p/CAvPIm2lszQ/). Then on my backend, I want to take the ID of the post from that URL (so in this case CAvPIm2lszQ) and then I'm hoping that I can pass that ID thru the Instagram Graph API and then retrieve the data that I need (media URL, caption, poster username, etc.).
So would that be possible? I did find documentation on "IG Media" for the Graph API, but under permissions, it says, "A Facebook User access token from a User who created the IG Media object, with the following permissions.."
Unless I'm misunderstanding it, I'm not sure if I'll be able to access posts from various public accounts. I think it's also worth mentioning that my users are not logging into their Instagram accounts to use my service so the only possible "User access token" would be my own.
Any ideas on how I can go about this? I was using the instagram.com/p/{post_id}/?__a=1 endpoint to meet my needs before but it doesn't work on my production server for some reason. So I'm kinda stuck.
Most probably you will not be able to achieve that using Instagram API. First of all the ID you are referring to CAvPIm2lszQ is not the ID that you will use for getting IG Media. The ID is different (it's numeric value like in the sample request from the page you've linked). The full URL that includes CAvPIm2lszQ is in the shortcode field.
At the moment it is not possible to look for the post detail using shortcode. If you want to use that endpoint you need to get the real post ID first, for instance by listing list of posts from given user.
But in order to do so - you need to use Facebook login authorization window to get token from given user. Alternatively you can try to request https://developers.facebook.com/docs/instagram-api/guides/business-discovery but it requires going through App review and having your own company to pass the Business Verification. Keep in mind that this endpoint returns information only about Instagram Professional accounts (Business/Creator account). You will not be able to get information about regular accounts.
And the last thing about ?__a=1 endpoint. This is not the official Instagram API. They use it only for their own purposes. Most probably your server IP address has been blocked due to sending too many requests.
I am trying to display only the images the client uploaded to instagram on their website. The client's user ID# is 176722013. According to the API this URL will provide just such a feed:
https://api.instagram.com/v1/users/176722013/media/recent
As indicated by the error message, I need to provide either a client_id or an auth_token. Since I don't want to deal with authentication I went ahead and created an "app" in instagram developers to get a client_id # 5b5a6e95469f465f9f70e4ebcf9ee3a6
Yet when I add it to the URL I still get an error that I needed to provide an auth_token. How does that make sense?
https://api.instagram.com/v1/users/176722013/media/recent?client_id=5b5a6e95469f465f9f70e4ebcf9ee3a6
The app is in sandbox mode. When I attempt to submit it for review I must provide the purpose for the app. Upon selecting " I want to display my Instagram posts on my website." as the purpose I get the following message:
You do not need to submit for review for this use case. If you are a
developer and you want to display Instagram content on your website,
then you do not need to submit your app for review. By using a client
in sandbox mode, you can still access the last 20 media of any sandbox
user that grants you permission.
I am truly at a loss for how to proceed. Thanks for any support
As of June 1st, 2016, you need access_token to access API, where did u read: either a client_id or an auth_token ?
authenticate and get access_token and use to get API response.
#snucky you don't need authentication but you do need the users permission - from what I gather, instagram is accessible only by registered users - so you still need the access token - but instead of a server-explicit you need client-implicit.
Make a http request from your client to the api/authorize with the ?client_id=ID AND A redirect_uri=http://yoursite.com/ when the user allows the application, you'll receive an access_token in the url, which you will then use in every subsquent instagram call
read more here
I'm a little confused on how authentication works in Instagram. I want to display Instagram posts on a widget. But if I manually generate a single access_token I'm worried about hitting the limit (5000/hour) as it is a large web application.
Here's what I'm thinking: Have each user authenticate with their Instagram account and store their access_tokens and use the tokens to query Instagram's API. So essentially each user will be presented with Instagram posts queried using their access_token. And if the token expired for whatever reason I can easily have them re-authenticate. I need each user to authenticate anyway for other purposes.
I am not sure if the server could re-authenticate while providing a seamless experience for users.
Is this the right approach or is my thought process completely off?
EDIT: So I decided to have each user authenticate and call the Instagram API with each user's access_token. Everything has been working great. However, while testing the authentication one of my test accounts, I received this message "We noticed some unusual activity on your account. We'll send you a security code to verify your account." Are my API queries seen as unusual by Instagram if I'm querying public posts by tag for example? I'm worried my approach will cause end users to have to verify and ultimately make my application viewed as spam.
EDIT: I was hoping an Instagram API expert could offer advice on this topic. My application has been continuously querying for posts without issue. So for now I'm sticking to having each user authenticate and call the API using their access_token. I may have given the wrong impression when I said the Instagram posts would be on a "widget". I didn't mean a simple Instagram feed on a website. So if anyone has used the Instagram API for large amounts of querying for their application, please share your approach if possible!
If the access_token is invalid, you will get an error response like this:
{"error_type":"OAuthAccessTokenException","code":400,"error_message":"The access_token provided is invalid."}
check for this and ask user to login again
The Instagram new API policy have become super strict. They are not allowing fetching public content at all. We are literally following all Instagram policies and still cant get approval of public_content.
Is there any workaround or any possibility of fetching the data.
This is the response that I have recieved from instagram
General issues:
Policy Violation (Ad network, Influencer network, Other related): Your
app should not attempt to build an ad network on Instagram, nor
transfer any data that you receive from us (including anonymous,
aggregate, or derived data) to any ad network, data broker, influencer
network, or other advertising or monetization-related service. In
working to build a high quality platform, we ask that you comply with
our Platform Policy
(http://wwww.instagram.com/about/legal/terms/api/).
Yeah, they now grant permissions only to applications with some specific usage cases.
According to Instagram official website, these are:
To help individuals share their own content with 3rd party apps
To help brands and advertisers understand and manage their audience and digital media rights
To help broadcasters and publishers discover content, get digital rights to media, and share media with proper attribution
Note that in order to get public_content permission, you need to fall under the 2nd or the 3rd use case. Otherwise, consider changing your application / service in such way that is now uses basic permission and acquires only your users' media.
There is no valid and legal possibility to fetch public data except for successful passing the Instagram permission review.
This official developer documentation page may be useful to you.
You need to enable scopes invividually for your client https://api.instagram.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=APPCALLBACK&access_token=ACCESSTOKEN&response_type=code&scope=public_content in your browser, using your values for the uppercase words? This should enable your registered client to work with the public_content scope.
https://api.instagram.com/oauth/authorize?client_id=xxxxx&redirect_uri=xxxxx&access_token=xxxxx&response_type=code&scope=public_content
your comment
Read the error message, did you supply a valid client-id from your instagram developer account. Did you setup a redirect_uri for that client? Do you authenticate to instagram to get an access token?
This worked for me this weekend. Double check the values you set in the url and call it directly in your browser.
I am new to linkedin api. I have a doubt regarding the api.
I am integrating the api in my application, so different user have to register in the linkedin to get the data using that api? Can it be pre registered and the user can get the data whatever he wants.
Suppose user wants to search about company. He will type the company name and will get the names of the company related to search. He should not log in in linked in before searching.
Is it possible?
If you are using the JavaScript API, then yes, you may need to have the user log in each time as the JavaScript API's authorization is cleared every time the user closes their browser.
If you are using the REST API, you can store the user's OAuth token and use that to make the calls on behalf of the user, saving them having to sign-in each time.