By default, Instagram User Access Tokens are short-lived and are valid for one hour. However, short-lived tokens can be exchanged for long-lived tokens.
Long-lived tokens are valid for 60 days and can be refreshed as long as they are at least 24 hours old but have not expired, and the app user has granted your app the instagram_graph_user_profile
permission. Refreshed tokens are valid for 60 days from the date at which they are refreshed. Tokens that have not been refreshed in 60 days will expire and can no longer be refreshed.
Use the GET /access_token
endpoint to exchange a short-lived Instagram User Access Token for a long-lived token. Once you have a long-lived token, you can use it in server-side requests or send it to the client for use there.
Your request must be made server-side and include:
Refer to the GET /access_token
reference for additional information.
curl -i -X GET "https://graph.instagram.com/access_token ?grant_type=ig_exchange_token &client_secret={instagram-app-secret} &access_token={short-lived-access-token}"
{ "access_token":"{long-lived-user-access-token}", "token_type": "bearer", "expires_in": 5183944 // Number of seconds until token expires }
Use the GET /refresh_access_token
endpoint to refresh unexpired long-lived Instagram User Access tokens. Refreshing a long-lived token makes it valid for 60 days again. Long-lived tokens that have not been refreshed in 60 days will expire.
Long-lived access tokens for private Instagram accounts cannot be refreshed. In addition, if an app user switches their account from public to private, their token will be invalidated and a new token must be requested.
Your request must include:
Refer to the GET /refresh_access_token
reference for additional information.
curl -i -X GET "https://graph.instagram.com/refresh_access_token ?grant_type=ig_refresh_token &access_token={long-lived-access-token}"
{ "access_token":"{long-lived-user-access-token}", "token_type": "bearer", "expires_in": 5183944 // Number of seconds until token expires }