11

I am seeing this error from my live server using the Instagram API.

{
   "Error":true,
   "message":"Matching code was not found or was already used."
}

I have read a few suggestions on here to clear cache but that isn't fixing the issue. I am also unable to submit a support ticket directly on the Instagram site as I am receiving an error message while attempting to submit a ticket.

dsum27
  • Please check this simple [answer](https://stackoverflow.com/a/59159954/1576416) if you are following the same. – Amrut Bidri Dec 03 '19 at 15:04

5 Answers

6

There are a bunch of developers complaining about the same issue at https://news.ycombinator.com/item?id=13178789. I don't think unchecking "Disable implicit OAuth" fixes the issue as I have already tried that and it didn't work.

The best thing you can do is to submit a report to Instagram using your client id to put some pressure on their side to fix this issue.

Fran García
2

I have the same issue; I guess it's from Instagram. I reported an issue from my client panel in developer > manage clients > Report issue. You can do the same so they resolve this issue as soon as possible.

Roham Shojaei
1

There is definitely a problem with the Instagram OAuth flow. The returned authorization code doesn't seem to work for some reason; it's very likely a network-related problem that they need to fix on their end.

My theory is that the authorization code generated is not distributed to all Instagram API servers, and if you happen to hit a bad node then you're out of luck.

However, I recently found a solution that doesn't rely on the authorization code. If you use the client-side authentication then you'll be able to retrieve the access token without ever using the authorization code. It's less secure but works great as a temporary fix.

You simply change response_type=code to response_type=token. The token response type will redirect the user back to your website using this URL structure:

http://your-redirect-uri#access_token=ACCESS-TOKEN

I recommend fetching the access token from the URL client-side using JavaScript, and then passing it to an endpoint on your website. E.g. /callback?accesstoken={accessToken}. This is required because the content in the hash is not passed to the server.

Example:

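<script>
    // The access token arrives in the URL fragment, which is never sent to the server.
    if (window.location.hash && window.location.hash.indexOf('#access_token=') === 0) {
        var accessToken = window.location.hash.replace('#access_token=', '');
        // Encode the value before placing it in the query string.
        window.location.href = '/callback?accesstoken=' + encodeURIComponent(accessToken);
    }
</script>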

The code snippet above is copied and slightly modified from the solution at https://news.ycombinator.com/item?id=13178789

You can read more about Instagram client side authentication on https://www.instagram.com/developer/authentication/ under Client-Side (Implicit) Authentication

Jón Trausti Arason
  • What I'm seeing from my own application is that the problem, which started spontaneously a couple of weeks ago, seems to be clearing up. I assume Instagram has been fixing the problem, although they never responded to my support ticket. – robbpriestley Dec 27 '16 at 16:11
  • Yep it seems like they've fixed it on their end. I'm going to support both ways, so if the first one fails when using authorization code, then I will retry using response_type token. – Jón Trausti Arason Dec 27 '16 at 16:12
  • In addition to the informative YCombinator thread mentioned above, there is an interesting story from a developer who discovered more information about a new redirect from api.instagram.com to www.instagram.com and how the token was getting "corrupted" during the process. But, as noted, the problem seems to be resolved without me needing to change my code. It is interesting to see the additional information, however. https://auth0.com/forum/t/suggested-fix-for-instagram-integration-oauthexception/4664/6 – robbpriestley Dec 27 '16 at 16:33
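
A hardened variant of the fragment handling described in the answer above, as an added example that is not part of the original answer or of Instagram's documentation: it parses the fragment instead of string-replacing it, removes the token from the address bar, and hands it to the server in a POST body rather than the query string. The function names, the token character pattern, a `/callback` endpoint that accepts POST, and the redirect to `/` afterwards are assumptions.

```javascript
// Added example. TOKEN_PATTERN is an assumed allow-list, not Instagram's token spec.
const TOKEN_PATTERN = /^[A-Za-z0-9._-]{1,512}$/;

// Parse "#access_token=...&other=..." and return the token,
// or null when it is absent or contains unexpected characters.
function extractAccessToken(hash) {
  if (typeof hash !== 'string' || hash.length < 2) return null;
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const token = params.get('access_token');
  return token !== null && TOKEN_PATTERN.test(token) ? token : null;
}

// Describe the request that passes the token to the server in a POST body,
// so it does not end up in the URL, in access logs or in a Referer header.
function buildCallbackRequest(token) {
  return {
    url: '/callback', // assumed to accept POST on the server side
    options: {
      method: 'POST',
      credentials: 'same-origin',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({ accesstoken: token }).toString(),
    },
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined') {
  const token = extractAccessToken(window.location.hash);
  if (token) {
    // Drop the fragment first so the token does not stay in the
    // address bar or in the session history.
    history.replaceState(null, '', window.location.pathname + window.location.search);
    const req = buildCallbackRequest(token);
    fetch(req.url, req.options)
      .then(function (res) {
        if (!res.ok) throw new Error('callback rejected token: ' + res.status);
        window.location.replace('/'); // assumed post-login page
      })
      .catch(console.error);
  }
}
```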
0

I just had the same issue. Not sure why, but for me the code returned from oauth/authorize/? had 2 special characters at the end - "#_". After removing these my code worked.

Piotr Niewinski
-1

This is due to security restrictions in place on your Instagram app. You can choose to allow it by unchecking "Disable implicit OAuth" for your Instagram app, under the Security tab.

  • This does not work for me. Disable implicit OAuth has never been checked but thank you for your suggestion. – dsum27 Dec 19 '16 at 14:09
  • This may be true in some cases, but I think @raRaRa is on the right track describing a rash of recent incidents that spontaneously occurred. – robbpriestley Dec 27 '16 at 16:09