The Instagram Basic Display API is an HTTP-based API that apps can use to get an Instagram user’s profile, images, videos, and albums.


Base URLs

Authorization Codes

Authorization Codes are exchanged for short-lived Instagram User Access Tokens. To get an authorization code, implement the Authorization Window into your app. After an app user authenticates their identity through the window, we will redirect the user to your app an include an Authorization Code. You can then use the API to exchange the code for the Instagram user’s app-scoped short-lived Instagram User Access Token.

Authorization Codes are short-lived and are only valid for 1 hour.

Instagram User Access Tokens

API authentication is handled by Instagram User Access Tokens that conform to the OAuth 2.0 protocol. Access tokens are app-scoped (unique to the app and user pair) and can be short-lived or long-lived. API requests that query Instagram users or their media must include an Instagram User Access Token.

Short-Lived Access Tokens

Short-lived access tokens are valid for 1 hour, but can be exchanged for long-lived tokens. To get a short-lived access token, implement the Authorization Window into your app. After the app user authenticates their identity through the window, we will redirect the user back to your app and include an Authorization Code, which you can then exchange for a short-lived access token.

Long-Lived Access Tokens

Long-lived tokens are valid for 60 days and can be refreshed before they expire. Short-lived access tokens can be exchanged for long-lived access tokens through the GET /access_token endpoint. Once you have a long-lived access token you can refresh it before it expires through the GET /refresh_access_token endpoint.


Data access authorization is controlled by your app users through the use of the permissions listed below. Users must grant your app these permissions through the Authorization Window before your app can access their data.

All permissions need to be approved for your app through the App Review process before they can be used in Live Mode.

Authorization Window

The Authorization Window allows your app to get short-lived Instagram User Access Tokens and permissions from Instagram users in order to access data in their Instagram accounts.

To implement the Authorization Window, refer to our Getting Access Tokens guide.

Instagram Testers

In order to test your app with an Instagram User, you must first send an invitation to the Instagram User's account and accept the invitation. Invitations can be sent from the Instagram Testers section in the App Dashboard > Roles > Roles tab.

Invitations can be accepted by the Instagram User in the (Profile Icon) > Edit Profile > Apps and Websites > Tester Invites section of the Instagram website or mobile app after signing into their account.


Data in the API consists of Instagram users and their media (images, videos, and albums). All data is protected by permissions; in order for your app to access a user’s data, the user must grant your app permission to do so through the Authorization Window.


Instagram users and their profiles are represented by User nodes.


Photos, videos, and albums are represented by Media nodes and are created on individual Users.

Rate Limits

All endpoint requests are subject to Graph API’s Platform Rate Limiting.

You can see your app's current call count consumption in the App Dashboard > Instagram > Basic Display Rate Limiting tab after adding the Instagram product to your app.

App Review

All permissions need to be approved for your app through the App Review process before your app can request them from users while in Live Mode.

When you have completed app development and are ready to switch your app to Live Mode, review our App Review, Sample Submissions, and Common Rejection Reasons documents to learn about the App Review process. Once you are familiar with the process, you can request approval for Instagram Basic Display API permissions through the App Dashboard > Products > Instagram > Basic Display tab.

Business Verification

In addition to general App Review, you will be asked to complete Business Verification. You can complete Business Verification independent of the App Review process.

How It Works

To use the API, first get the Authorization Window and present it to an app user. The app user authenticates their identity through the window and authorizes your app to access their data by granting your app specific permissions. Once authenticated, the window redirects back to your app and includes an Authorization Code. Capture the code and exchange it for a short-lived Instagram User Access Token. Once you have a short-lived token, you can use it to query User and Media endpoints for any data the user has permitted your app to access, or exchange it for a long-lived token.

Next Steps

Follow our Get Started guide to learn how to set up an app and perform a basic API request.