I'm a little confused on how authentication works in Instagram. I want to display Instagram posts on a widget. But if I manually generate a single access_token I'm worried about hitting the limit (5000/hour) as it is a large web application.
Here's what I'm thinking: Have each user authenticate with their Instagram account and store their access_tokens and use the tokens to query Instagram's API. So essentially each user will be presented with Instagram posts queried using their access_token. And if the token expired for whatever reason I can easily have them re-authenticate. I need each user to authenticate anyway for other purposes.
I am not sure if the server could re-authenticate while providing a seamless experience for users.
Is this the right approach or is my thought process completely off?
EDIT: So I decided to have each user authenticate and call the Instagram API with each user's access_token. Everything has been working great. However, while testing the authentication one of my test accounts, I received this message "We noticed some unusual activity on your account. We'll send you a security code to verify your account." Are my API queries seen as unusual by Instagram if I'm querying public posts by tag for example? I'm worried my approach will cause end users to have to verify and ultimately make my application viewed as spam.
EDIT: I was hoping an Instagram API expert could offer advice on this topic. My application has been continuously querying for posts without issue. So for now I'm sticking to having each user authenticate and call the API using their access_token. I may have given the wrong impression when I said the Instagram posts would be on a "widget". I didn't mean a simple Instagram feed on a website. So if anyone has used the Instagram API for large amounts of querying for their application, please share your approach if possible!
If the access_token is invalid, you will get an error response like this:
{"error_type":"OAuthAccessTokenException","code":400,"error_message":"The access_token provided is invalid."}
check for this and ask user to login again
Related
I'm developing of a community website that features about 500 user profiles. We now want to add the option to show the users' Instagram feed on their profile (with their consent). Going through the instagram API documentation some questions arose concerning the right approach about permissions and the review process.
Can anyone clarify if the following is a working approach and a valid use case regarding instagram's policy: Creating one client ID / access token for the website that is used to communicate serverside with the Instagram API, using the public_content permission to query the members' timeline. Server side caching would ensure that the rate limits are respected.
Since we need read-only access to public content only we would like to avoid managing authorization of every single member.
Thanks!
In the recent API changes Instagram removed the ability to use the client_id for requests and now an access_toek obtained by authorising and Instagram account is required for everything
You could make an account for your website, authorize it and use its access_token, but it will need to apply for the public_content permission and I don't thin Instagram will like this use case. Also with 500 accounts you may hit your Ali request limit.
The better option is to require uses to authorise their Instagram account if they want their recent posts on their profile and use their token to get their recent posts. This way you don't need the public_content permission
So as of now Instagram changed the policy and now i can't create an access token with relationships+likes scope. But third party apps like Crowdfire still work. On official Instagram page they said that only third party apps that will receive the privilege of advanced scope are the apps that Instagram itself approved. Anyone had any experience filing the application for approval? Or can you guys give me tips of how to bypass that.
p.s.
I have an app that creates multiple access_tokens for different client, nothing spammy, just likes the feed of users and automatically follows people that followed them. (yeah, some people are into that) And mass unfollow (idk if thats bad or not)
Spending my whole day on yahoo docs and here and there finally I am asking it here having failed in all attempts.I am implementing login with yahoo on my site using yahoo oauth. After a user login I need to get his profile.
I have successfully retrieved access token and completed the authorization flow as mentioned here:-
Yahoo OAuth authorization flow
After having the access token I need to retrieve the user profile by just making a simple Yahoo API call as mentioned here
But I not able to the same. Sometimes it gives me token rejected sometimes signature invalid,timestamp rejected e.t.c. I have seen similar type of question on Yahoo Forums but there are no replies to that people(I wonder what they did).
I would be really thankful if someone can describe this step completely, very clearly(signatures,methods,timestamp e.t.c) as it will be useful for users having similar problems. I am using JAVA language.
Thanking you in advance.
I am planning to use facebook authentication for my application. I thought of using facebook account creation date to identify fake accounts. After extensive searching I retired without a solution.
So decided to read user posts to check if the user account existed for sometime, but using read_stream I could only get a user's feed, I would like to know by someway can I get only the user's post.
http://developers.facebook.com/docs/reference/api/user/ see statuses connection.
Calling the Facebook API is a (relatively) slow operation; especially if you have to call it multiple times. So, when possible, it is a good idea to get the information you need, without making API calls.
You can take a look at http://metadatascience.com/2013/03/11/inferring-facebook-account-creation-date-from-facebook-user-id/. It explains how to figure out the creation date of a Facebook account without having to call the Facebook API, just based on the user’s Facebook UID.
I am new to linkedin api. I have a doubt regarding the api.
I am integrating the api in my application, so different user have to register in the linkedin to get the data using that api? Can it be pre registered and the user can get the data whatever he wants.
Suppose user wants to search about company. He will type the company name and will get the names of the company related to search. He should not log in in linked in before searching.
Is it possible?
If you are using the JavaScript API, then yes, you may need to have the user log in each time as the JavaScript API's authorization is cleared every time the user closes their browser.
If you are using the REST API, you can store the user's OAuth token and use that to make the calls on behalf of the user, saving them having to sign-in each time.