1

I am creating an app that will be using a users access token to pull images from a hashtag feed and I want to be sure that the OAuth token will not expire. The user will be visiting the site regularly, but i don't want it to rely on instagrams maybe-could be someday attitude on when the tokens will expire.

I also don't want to use the app level token because i only get a limited amount of calls per hour and that will shrink quickly as more users are added.

Is there a way to refresh tokens or convert them into longer lasting tokens? Or at least have an expiration date so I know when to tell users to come back and re-auth?

user3610691
  • 353
  • 1
  • 5
  • 10

1 Answers1

6

The access_token will usually not expire, unless there was any suspicious activity, then instagram will revoke the access_token and you have get new ones.

If the user changes password then the access_token will not work, you have to get new ones.

My app has been working with same access_token for about 3 years, there is not expiration.

So implement in such a way that if access_token fails, ask user to re-authorize.

krisrak
  • 12,882
  • 3
  • 32
  • 46
  • 3
    Note that Instagram now [explicitly states](https://www.instagram.com/developer/authentication/) in their documentation that you should not assume your token will be valid forever. So it's not something we can assume will be OK provided we don't engage in whatever Instagram considers "suspicious activity." The last part of this answer is correct, though; we have no choice but to ask the user to re-authorize when Instagram (with no notice or supplied reason) expires a token. IG provides neither refresh tokens nor the ability to renew expired access tokens. – kungphu Jun 15 '16 at 01:25