Instagram API: Likeboost and LikeHero

Question

I'm trying to figure out how Likeboost or LikeHero work, 'cause I believe Instagram doesn't allow you to use Like endpoint to add a like to an image and they require you to submit the app for review as they stated here:

To request access to this endpoint, please complete this form.

But these apps just ask for your username and password (Surprisingly you don't get transferred to Safari for authentication process) and then you could like an image from that particular app. How do they do that? Isn't this against the following paragraph?

The ability to POST and DELETE likes, follows and comments is restricted to applications that offer business services and not consumer facing apps.

Answer 1

That applications that you are mentioning are using a fake native login page in order to avoid you leave from the application (like @Matthew Antolovich said). Once they get the access_token, there are no more dificulties and they can use the API calls.

As you can see in the Authentication documentation they might be using the Client-Side (Implicit) that is less secure but it works for they purposes.

They are giving permissions only to trusty applications in order to avoid that fake applications (bot apps, fake users, ...) use some API functionalities.

If you want to use these calls, you should fulfill the form that they are giving to you once your application is finished. If you are still developing the application you have to trust the Like documentation without the capability of test if it works.

There are other ways to restrict apps to use some calls (limit of requests per day, ...) but this is how they are doing it so, we must adapt.