2

I'm using the Instagram API and want to get the access_token in order to throw api requests over my own account. When I try to follow the first step and get the authorization code programmatically using RestTemplate I can't get it work. 

String AUTHORIZE_URL = "https://api.instagram.com/oauth/authorize/?client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&response_type=code";
String url = String.format(AUTHORIZE_URL, clientId, redirectUri);
String o = restTemplate.getForObject(url, String.class);

The response is the html code of the login page because Instagram requires the user to be logged in to check if the app is authorized (of course it is, since the app an the user belongs to my own account).

How can I authenticate before throwing that request so they return the code to my redirectUri and not complain about login? Note: I tried simulating the request to their login form but it returned a 403 Forbidden.

NOTE: I already got a valid access_token, manually generated, and it works perfectly but I want to implement also a process to re-generate a new access_token automatically since they may invalidate it at any time in the future.

Even though our access tokens do not specify an expiration time, your app should handle the case that either the user revokes access, or Instagram expires the token after some period of time. If the token is no longer valid, API responses will contain an “error_type=OAuthAccessTokenError”. In this case you will need to re-authenticate the user to obtain a new valid token. In other words: do not assume your access_token is valid forever.

e_v_e
  • 478
  • 3
  • 16

1 Answers1

0

Instagram is upgrading their APIs and the flows. Earlier we needed access token to bypass forced login screen. Since yesterday, they have removed that.

Now if you call this code, it will check if you are already logged in or not. If so, it will call the AUTHORIZE_URL of yours and will send a response code. The format will be either:

Now what I'm doing is I'm directly calling the above URL of yours every time. Now if the user is logged in, a response code will be sent to you, else user will be asked to login and validate your app and then the code will be sent. Technically, you are eliminating the possibility of the error case! So no need of overhead of storing access token in your database or verifying its validity.

Just try and check now what happens.

PS: If you want to check API behavior, simply type the URL on the browser and check what it returns! It helped me a lot while coding and debugging! :)

coderz
  • 1,366
  • 1
  • 12
  • 23
  • I won't use the app with data of any other user but myself.. I just want to get my own account info using the API. Thus, I just want to call the API to get that information that belongs to my account (the same account where the app was created). That's why I don't want to show the screen login, I don't need it. The whole process of getting the access_token should be automatic (from server to server) and it will not require any human interaction. Thanks for your answer anyway! – e_v_e Nov 26 '15 at 12:48
  • Simply call the instagram access url with your redirect uri, scope and access code field. Run another Instagram API which will return the access token based on this code and then you are free to fetchyour details with User endpoints. – coderz Dec 03 '15 at 08:59
  • PS: Use server authentication as its more secure(recommended by Instagram developers, induces more flows). If you want direct access token, use implicit flow(less secure). – coderz Dec 03 '15 at 09:00