Instagram is pretty dang popular. According to its press page, Instagram has over 500 million users and receives 95 million video and photo uploads daily. Now that they’ve added live and ephemeral video features, that number should only get bigger.
However, connecting to the Instagram API to build stuff can be a pain in the…app (#punintended).
This article will go through…
- How to connect to the Instagram API quickly and easily (go here)
- What you can and can’t build with the Instagram API (go here)
- A list of which functionalities that require additional permissions (go here)
How to Connect to the Instagram API
To get started with Instagram, here’s how to connect to the API and start making calls.
Here’s a step-by-step summary of what was on the video.
Step 1: Create a Instagram Developer Account
- Go to Instagram developer page
- Click on Register Your Application
- Click on Register a New Client
- Fill the form and click on Register
- Go to Clients manager.
- Click on Manage in your application block.
- Copy and save your credentials:
Here’s what that process should look like.
Step 2: Generate an Access Token
Now, we’ll need to generate an
access_token. While you can technically use your
Client ID and
Client Secret to call the
Instagram.getAccessToken method, we made the process a little easier with this
access_token generator. Here’s what you need to do.
- Click Manage on the Instagram developer client tab
- Go to the Security tab
- Add the following URL: https://rapidsoftwaresolutions.github.io/OAuthTokenGenerator/instagram/2.html
- Uncheck the box “Disable implicit Auth”
- Copy your client ID
- Paste it in the “generate” tab on the the generator tool to get an
Again, here’s a GIF for your viewing pleasure.
Step 3: Call the Instagram API with RapidAPI
Now, we’ll call the API! We’ll use RapidAPI since we can export code snippets in multiple languages (NodeJS, Python, PHP, Java, Objective-C, cURL) and make the API call directly from the browser. Go ahead and visit the RapidAPI Instagram package page to try it for yourself.
You’ll notice that some functions will return an error regarding
access_token scopes and permissions. Read on for what these scopes are and which endpoints require them.
Instagram API: What You Can and Can’t Build
As of June 2016, Instagram restricted a lot of access to their API. While this was likely a business decision on their part to increase Instagram downloads over third-party apps, Instagram’s change makes it trickier to know what you can and can’t build as a developer.
Here are the three types of apps that Instagram says that it can support in their announcement.
- Apps that help individuals share their own content with 3rd party app
- Apps that help brands and advertisers understand and manage their audience and media rights
- Apps that help broadcasters and publishers discover content, get digital rights to media, and share media with proper attribution
In order to enforce these new rules, Instagram has created multiple scopes for OAuth access tokens as well as a Sandbox mode.
OAuth Access Token Scopes
While older versions of the Instagram API only required a
client_id, now all requests require an
access_token generated will have a scope associated with it. Scopes define what an
access_token can and cannot be used for.
When you register an app on Instagram, you’ll get an access token with
basic authorization, which means that you will be able to read a user’s profile info and media. Other API functions require additional permission. Here’s the breakdown of the token authorizations:
basic– to read a user’s profile info and media
Needs additional permission:
public_content– to read any public profile info and media on a user’s behalf
follower_list– to read the list of followers and followed-by users
comments– to post and delete comments on a user’s behalf
relationships– to follow and unfollow accounts on a user’s behalf
likes– to like and unlike media on a user’s behalf
In order to get the additional scopes outside of
basic, you’ll need to submit your app for review with Instagram directly. To see what endpoints of the Instagram API require permissions, jump down to our section on functionalities and scopes.
Another way Instagram monitors new developments is by introducing a Sandbox mode. Before an app can go live, it must go through Sandbox mode. This mode allows Instagram to review your app to see if it meets one of its three uses cases (jump to section).
The most important things to know about Sandbox mode are as follows:
- Limited content: Sandbox mode only displays 20 posts of whatever users are uploaded manually into the app.
- Limited users: You can invite up to 10 users into Sandbox mode. The app will let them display only their most recent 20 posts as well.
Sandbox mode can be a little confusing. Here’s one point of clarification that we’ve found people get stuck on. You can request additional
access_token scopes from within Sandbox mode; you don’t need to go live to request them.
Need more info? We’ve found this article by Emerson This to be extremely helpful.
Instagram API Endpoints by Required Access Token Scope
To see each Instagram API endpoint and it’s parameters (including
access_token scope required ), visit this page on the Instagram developer portal.
For RapidAPI’s endpoints, here are the ones that require a specific
That’s about it! Let us know in the comments if you have any questions or if you have a project to share.