75

I'm really struggling in how I'm meant to get my access token for Instagram,

I've registered a new client and then I used this URL

https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code

to fill in the clients ID and redirect Url.

I then was redirected to a page where it displayed a code in the Url but from there I don't have a clue where id then get my access token.

Braiam
  • 1
  • 11
  • 47
  • 78
Gerry Mckay
  • 847
  • 1
  • 13
  • 17
  • http://jelled.com/instagram/access-token – Ben Apr 06 '15 at 18:56
  • Get one with your account http://instagram.pixelunion.net/ ...super easy. – rebeling Nov 28 '16 at 22:19
  • 1
    Really late response but I had to do this again recently so created a tutorial (ready for when I have to do it again) see: http://bobmckay.com/web/simple-tutorial-for-getting-an-instagram-clientid-and-access-token – Mr Fett May 22 '14 at 08:38

11 Answers11

47

Link to oficial API documentation is http://instagram.com/developer/authentication/

Longstory short - two steps:

Get CODE

Open https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code with information from http://instagram.com/developer/clients/manage/

Get access token

curl \-F 'client_id=CLIENT-ID' \
    -F 'client_secret=CLIENT-SECRET' \
    -F 'grant_type=authorization_code' \
    -F 'redirect_uri=YOUR-REDIRECT-URI' \
    -F 'code=CODE' \
    https://api.instagram.com/oauth/access_token
Marek Jalovec
  • 1,427
  • 11
  • 12
  • 1
    This is the only thing that worked for me. The other answers above no longer work. I followed this tutorial here http://dmolsen.com/2013/04/05/generating-access-tokens-for-instagram/ – Phil May 27 '15 at 15:28
  • 3
    Is it possible to get code from `https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code` directly? Or I really need to have another endpoint just to catch the code return? It is complicated and annoying – tom10271 Mar 17 '16 at 06:36
  • 3
    If you set response_type to token it works. It didn't work with code for me. – Rorok_89 Jul 12 '16 at 11:30
  • @aokaddaoc You don't need to have another endpoint, Instagram will redirect to that URI passing the token on the URL, as in `http://your-redirect-uri#access_token=ACCESS-TOKEN` – Bruno Peres Dec 07 '16 at 14:29
  • 4
    now instagram changed its api we are not able to fetch code – Shakti Jan 09 '18 at 06:17
  • But what if i don't want to authenticate all users, but just want show my instagram photos on the website? Mean, i want to authenticate from server like this: https://api.intagram.com/auth?login=login&password=password, and get token. It is possible? – Valentyn Vynogradskiy Jul 15 '19 at 11:19
12

Almost all of the replies that people have posted so far only cover how to handle access tokens on the front end, following Instagram's client-side "implicit authentication" procedure. This method is less secure and unrecommended according to Instagram's API docs.

Assuming you are using a server, the Instagram docs sort of fail in providing a clear answer about exchanging a code for a token, as they only give an example of a cURL request. Essentially you have to make a POST request to their server with the provided code and all of your app's information, and they will return a user object including user information and the token.

I don't know what language you are writing in, but I solved this in Node.js with the request npm module which you can find here.

I parsed through the url and used this information to send the post request

var code = req.url.split('code=')[1];

request.post(
  { form: { client_id: configAuth.instagramAuth.clientID,
            client_secret: configAuth.instagramAuth.clientSecret,
            grant_type: 'authorization_code',
            redirect_uri: configAuth.instagramAuth.callbackURL,
            code: code
          },
    url: 'https://api.instagram.com/oauth/access_token'
  },
  function (err, response, body) {
    if (err) {
      console.log("error in Post", err)
    }else{
      console.log(JSON.parse(body))
    }
  }
);

Of course replace the configAuth stuff with your own information. You probably aren't using Node.js, but hopefully this solution will help you translate your own solution into whatever language you are using it in.

Quest
  • 560
  • 4
  • 16
10

I got the same problem before, but I change the url into this
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token

Andre
  • 145
  • 1
  • 7
  • 3
    Yess! - this works - as of the way instagram works right now it should be the best answer for less secure server based requests. Example: I just need to get the last few images for a user. -Uncheck Disable implict OAuth in the security tab of your instagram developers page. -Use the URL above with replaced values -get the access_token from the redirect URI Now you can do simple things like https://api.instagram.com/v1/users/[CLIENT ID]/media/recent/?access_token=[TOKEN] These don't need to be that secure anyway - instagram has over complicated requests like this. – Tycon Jun 21 '16 at 17:55
6

The Instagram API is meant for not only you, but for any Instagram user to potentially authenticate with your app. I followed the instructions on the Instagram Dev website. Using the first (Explicit) method, I was able to do this quite easily on the server.

Step 1) Add a link or button to your webpage which a user could click to initiate the authentication process:

<a href="https://api.instagram.com/oauth/authorize/?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code">Get Started</a>

YOUR_CLIENT_ID and YOUR_REDIRECT_URI will be given to you after you successfully register your app in the Instagram backend, along with YOUR_CLIENT_SECRET used below.

Step 2) At the URI that you defined for your app, which is the same as YOUR_REDIRECT_URI, you need to accept the response from the Instagram server. The Instagram server will feed you back a code variable in the request. Then you need to use this code and other information about your app to make another request directly from your server to obtain the access_token. I did this in python using Django framework, as follows:

direct django to the response function in urls.py:

from django.conf.urls import url

from . import views

app_name = 'main'
urlpatterns = [
        url(r'^$', views.index, name='index'),
        url(r'^response/', views.response, name='response'),
]

Here is the response function, handling the request, views.py:

from django.shortcuts import render
import urllib
import urllib2
import json

def response(request):
    if 'code' in request.GET:
        url = 'https://api.instagram.com/oauth/access_token'
        values = {
            'client_id':'YOUR_CLIENT_ID',
            'client_secret':'YOUR_CLIENT_SECRET',
            'redirect_uri':'YOUR_REDIRECT_URI',
            'code':request.GET.get('code'),
            'grant_type':'authorization_code'
        }
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        response = urllib2.urlopen(req)
        response_string = response.read()
        insta_data = json.loads(response_string)
        if 'access_token' in insta_data and 'user' in insta_data:
            #authentication success
            return render(request, 'main/response.html')
        else:
            #authentication failure after step 2
            return render(request, 'main/auth_error.html')
    elif 'error' in req.GET:
        #authentication failure after step 1
        return render(request, 'main/auth_error.html')

This is just one way, but the process should be almost identical in PHP or any other server-side language.

jeffery_the_wind
  • 17,048
  • 34
  • 98
  • 160
6

The easy way that works in 2019

Disable implicit oauth under the security auth and THEN load this:

https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token

Specify REDIRECT-URI in your account and type it exactly as specified.

Callombert
  • 1,099
  • 14
  • 38
2

The access token is returned as a URI fragment after you authorize the application to use your Instagram data. It should look something like the following: enter image description here

Adam
  • 890
  • 4
  • 10
  • 5
    I'm still totally lost, I'm basically just pulling my Instagram feed into my website so i dont know how to get that what youve displayed above – Gerry Mckay May 12 '13 at 20:50
  • There are two flows when attempting to get an access token. For beginners, it seems easiest to use the "Client-Side (Implicit) Authentication". Without knowing what you've tried, or exactly where you are stuck, it's difficult to point you in the right direction. I wrote a short blog a few weeks ago that might help. http://symmetricinfinity.com/2013/04/06/download-your-likes-from-instagram.html – Adam May 13 '13 at 11:56
  • 1
    Really late response but I had to do this again recently so created a tutorial (ready for when I have to do it again), see: http://bobmckay.com/web/simple-tutorial-for-getting-an-instagram-clientid-and-access-token – Mr Fett May 22 '14 at 08:37
  • in this case use javascript. access_token = location.hash.replace('#access_token=',''); – user1021860 Aug 22 '17 at 11:36
1

Try this:

http://dmolsen.com/2013/04/05/generating-access-tokens-for-instagram/

after getting the code you can do something like:

curl -F 'client_id=[your_client_id]' -F 'client_secret=[your_secret_key]' -F 'grant_type=authorization_code' -F 'redirect_uri=[redirect_url]' -F 'code=[code]' https://api.instagram.com/oauth/access_token
boyfromnorth
  • 958
  • 4
  • 19
  • 41
  • 1
    what exactly is the redirect_URL? I can't find it in my manage account in instagram developer panel – Mona Jalal Mar 03 '17 at 02:51
  • 1
    Redirect_URL is the url that the Instagram response comes back to. So it's not in the developer panel. It's the one that you create to get the response back in your app/website. – boyfromnorth Mar 04 '17 at 05:12
1

100% working this code

<a id="button" class="instagram-token-button" href="https://api.instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&response_type=code">Click here to get your Instagram Access Token and User ID</a>
<?PHP
  if (isset($_GET['code'])) {

        $code = $_GET['code'];

        $client_id='< YOUR CLIENT ID >';
        $redirect_uri='< YOUR REDIRECT URL >';
        $client_secret='< YOUR CLIENT SECRET >';
        $url='https://api.instagram.com/oauth/access_token';

        $request_fields = array(
            'client_id' => $client_id,
            'client_secret' => $client_secret,
            'grant_type' => 'authorization_code',
            'redirect_uri' => $redirect_uri,
            'code' => $code
        );

        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POST, true);
        $request_fields = http_build_query($request_fields);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $request_fields);
        $results = curl_exec($ch); 
        $results = json_decode($results,true);
        $access_token = $results['access_token'];

        echo $access_token;

        exit();
    }

?>
Mehul Velani
  • 691
  • 9
  • 13
  • 2
    Welcome to Stack Overflow! While this code may answer the question, it is better to include some context, explaining how it works and when to use it. Code-only answers tend to be less useful in the long run. See [How do I write a good answer?](https://stackoverflow.com/help/how-to-answer) for some more info. – Mark Ormesher Jan 07 '19 at 09:11
  • Please look into this: https://stackoverflow.com/questions/59052304/oauthaccesstokenexception-the-access-token-provided-is-invalid-instagram-new-api – user2028 Nov 27 '19 at 06:34
0

By using https://www.hurl.it/ i was able to see this: { "code": 400, "error_type": "OAuthException", "error_message": "Matching code was not found or was already used." }

so: you have to get new code for every request.

Tone Škoda
  • 1,463
  • 16
  • 20
0

If you don't want to build your server side, like only developing on a client side (web app or a mobile app) , you could choose an Implicit Authentication .

As the document saying , first make a https request with

https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token

Fill in your CLIENT-ID and REDIRECT-URL you designated.

Then that's going to the log in page , but the most important thing is how to get the access token after the user correctly logging in.

After the user click the log in button with both correct account and password, the web page will redirect to the url you designated followed by a new access token.

http://your-redirect-uri#access_token=ACCESS-TOKEN

I'm not familiar with javascript , but in Android studio , that's an easy way to add a listener which listen to the event the web page override the url to the new url (redirect event) , then it will pass the redirect url string to you , so you can easily split it to get the access-token like:

String access_token = url.split("=")[1];

Means to break the url into the string array in each "=" character , then the access token obviously exists at [1].

OOD Waterball
  • 707
  • 1
  • 11
  • 31
-1

go to manage clinet page in :

http://www.instagram.com/developer/

set a redirect url

then :

use this code to get access token :

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>tst</title>
<script src="../jq.js"></script>
<script type="text/javascript">
       $.ajax({
            type: 'GET',
            url: 'https://api.instagram.com/oauth/authorize/?client_id=CLIENT-‌​ID&redirect_uri=REDI‌RECT-URI&response_ty‌pe=code'
            dataType: 'jsonp'}).done(function(response){
                var access = window.location.hash.substring(14);
                //you have access token in access var   
            });
</script>
</head>
<body>  
</body>
</html>
Omid Reza Heidari
  • 658
  • 12
  • 27