I'm a little confused on how authentication works in Instagram. I want to display Instagram posts on a widget. But if I manually generate a single access_token I'm worried about hitting the limit (5000/hour) as it is a large web application.
Here's what I'm thinking: Have each user authenticate with their Instagram account and store their access_tokens and use the tokens to query Instagram's API. So essentially each user will be presented with Instagram posts queried using their access_token. And if the token expired for whatever reason I can easily have them re-authenticate. I need each user to authenticate anyway for other purposes.
I am not sure if the server could re-authenticate while providing a seamless experience for users.
Is this the right approach or is my thought process completely off?
EDIT: So I decided to have each user authenticate and call the Instagram API with each user's access_token. Everything has been working great. However, while testing the authentication one of my test accounts, I received this message "We noticed some unusual activity on your account. We'll send you a security code to verify your account." Are my API queries seen as unusual by Instagram if I'm querying public posts by tag for example? I'm worried my approach will cause end users to have to verify and ultimately make my application viewed as spam.
EDIT: I was hoping an Instagram API expert could offer advice on this topic. My application has been continuously querying for posts without issue. So for now I'm sticking to having each user authenticate and call the API using their access_token. I may have given the wrong impression when I said the Instagram posts would be on a "widget". I didn't mean a simple Instagram feed on a website. So if anyone has used the Instagram API for large amounts of querying for their application, please share your approach if possible!
First of all you need to register as a developer at http://instagram.com/developer/. Click on the Register Your Application button. Now enter your application name, description, website, OAuth redirect URL and captha code and click the Register button.
Data returned by the API cannot be used to authenticate your app users or log them into your app. If your app uses API data to authenticate users, it will be rejected during App Review. If you need an authentication solution, use Facebook Login instead.
In 2018, Instagram shut down its public API. Meaning, third-party apps can no longer access the API from Instagram without permission. Third-party apps now need to be approved by Instagram before they can access the API.
If the access_token
is invalid, you will get an error response like this:
{"error_type":"OAuthAccessTokenException","code":400,"error_message":"The access_token provided is invalid."}
check for this and ask user to login again
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With