2

Is there any knowledge out there about migration steps needed for a legacy Instagram app during and immediately after it goes through review? Instagram's details are here: http://developers.instagram.com/post/133424514006/instagram-platform-update

I have read all of the API documentation and blogs I could find, and am coming up short on what steps will be needed for guaranteeing 100% up-time of our Instagram integration. For background, we have around 2000 client tokens stored which we use 24/7. We mine both client specific data as well as use token pools for mining public data, and so our stock of API tokens is a resource that we need to be careful with. So we either need a migration plan or a plan for proactive mitigation if some type of mass re-authentication effort is necessary.

Specifically, I am wondering if anybody has insight on these things:

  1. For a legacy application, what state will previously authenticated user tokens be in after approval and becoming a "Live" application?

    a. Specifically, will the existing tokens all need to be refreshed? Will they have reduced permission on the new API? Or will they continue to act as before on the deprecated API up until they are refreshed or June 1st, 2016 rolls around?

  2. Is there a smooth way to transition between the old permissions model and new? Requesting the new permissions on a legacy client fails. Therefore we cannot ship the new model before our application is approved, but once we are approved our existing OAuth flow won't have the appropriate permissions and any new tokens created after our app is approved but before we ship an OAuth update will be insufficient for our needs.

    b. Once approved, does the application get to handle its own cutover time so we can time it with deploying an OAuth flow update? Or does it happen asynchronously on approval and we'll need to be ready to make the cutover ourselves?

Patrick McBryde
  • 21
  • 1

1 Answers1

1

We are pretty much facing the exact same problem: It seems Instagram, very recently, added a new section on their developer site which briefly touches upon this: Platform Update Guide

For example, you will have to re-authenticate your users with the extra permissions like public_content to have access to public content after June 1st. You can view permissions needed for specific endpoints on the developer page. If you want access to get recent media for a specific hashtag, you will need this public_content scope. And so you HAVE to re-authenticate.

Everything will, however, work as is until June 1st. Regardless if your app has gotten approved or not. Like you said, you can only request these extended permissions with an app that has been approved.

Even though your app will not see the new API behavior until June, you will have access to the new OAuth scopes as soon as your app is approved for them. This means that you should do the following after your app has been approved:

  1. Authenticate new users with the new scopes
  2. Migrate old access tokens by re-authenticating old users

To re-authenticate old users, you can invoke the oauth dialog with all scopes (just as if they were new users), and users will automatically see a dialog with only the permissions they have not yet granted. Once the OAuth flow is completed, you will get back an access token with the same string, but updated scope.

nithinisreddy
  • 317
  • 3
  • 7