The Instagram Basic Display API is an HTTP-based API that apps can use to get an Instagram user’s profile, images, videos, and albums.
api.instagram.com— for getting Instagram User Access Tokens
graph.instagram.com— for getting Instagram user profiles and media
Authorization Codes are exchanged for short-lived Instagram User Access Tokens. To get an authorization code, implement the Authorization Window into your app. After an app user authenticates their identity through the window, we will redirect the user to your app an include an Authorization Code. You can then use the API to exchange the code for the Instagram user’s app-scoped short-lived Instagram User Access Token.
Authorization Codes are short-lived and are only valid for 1 hour.
API authentication is handled by Instagram User Access Tokens that conform to the OAuth 2.0 protocol. Access tokens are app-scoped (unique to the app and user pair) and can be short-lived or long-lived. API requests that query Instagram users or their media must include an Instagram User Access Token.
Short-lived access tokens are valid for 1 hour, but can be exchanged for long-lived tokens. To get a short-lived access token, implement the Authorization Window into your app. After the app user authenticates their identity through the window, we will redirect the user back to your app and include an Authorization Code, which you can then exchange for a short-lived access token.
Long-lived tokens are valid for 60 days and can be refreshed before they expire. Short-lived access tokens can be exchanged for long-lived access tokens through the
GET /access_token endpoint. Once you have a long-lived access token you can refresh it before it expires through the
GET /refresh_access_token endpoint.
Data access authorization is controlled by your app users through the use of the permissions listed below. Users must grant your app these permissions through the Authorization Window before your app can access their data.
instagram_graph_user_profile— allows your app to read the User node, which represents the Instagram user, and the node’s edges.
instagram_graph_user_media— allows your app to read the Media node, which represents an image, video, or album, and the node’s edges.
To implement the Authorization Window, refer to our Getting Access Tokens guide.
In order to test your app with an Instagram User, you must first send an invitation to the Instagram User's account and accept the invitation. Invitations can be sent from the Instagram Testers section in the App Dashboard > Roles > Roles tab.
Invitations can be accepted by the Instagram User in the (Profile Icon) > Edit Profile > Apps and Websites > Tester Invites section of the Instagram website or mobile app after signing into their account.
Data in the API consists of Instagram users and their media (images, videos, and albums). All data is protected by permissions; in order for your app to access a user’s data, the user must grant your app permission to do so through the Authorization Window.
Instagram users and their profiles are represented by User nodes.
All endpoint requests are subject to Graph API’s Platform Rate Limiting.
You can see your app's current call count consumption in the App Dashboard > Instagram > Basic Display Rate Limiting tab after adding the Instagram product to your app.
When you have completed app development and are ready to switch your app to Live Mode, review our App Review, Sample Submissions, and Common Rejection Reasons documents to learn about the App Review process. Once you are familiar with the process, you can request approval for Instagram Basic Display API permissions through the App Dashboard > Products > Instagram > Basic Display tab.
In addition to general App Review, you will be asked to complete Business Verification. You can complete Business Verification independent of the App Review process.
To use the API, first get the Authorization Window and present it to an app user. The app user authenticates their identity through the window and authorizes your app to access their data by granting your app specific permissions. Once authenticated, the window redirects back to your app and includes an Authorization Code. Capture the code and exchange it for a short-lived Instagram User Access Token. Once you have a short-lived token, you can use it to query User and Media endpoints for any data the user has permitted your app to access, or exchange it for a long-lived token.
Follow our Get Started guide to learn how to set up an app and perform a basic API request.