x-instagram-gis 💥 #30

Open
jlobos opened this issue Apr 12, 2018 · 14 comments

@jlobos
Owner

jlobos commented Apr 12, 2018

New header of authentication

@bodinsamuel

From what I found in their JS

Currently x-instagram-gis is an md5,
but it has changed multiple times in the last weeks.
Also it's only sent for some endpoints and not for every request.
I feel like it's not mandatory, but when passed in the header it's checked and must be valid

window._sharedData.rhx_gis + ':' + window._sharedData.config.csrf_token + ':' + path

window._sharedData.rhx_gis is an md5
window._sharedData.config.csrf_token is an md5

Problem
rhx_gis token and csrf_token change on every request.
So it will be quite hard for you to generate it

Example for a hashtag

GET /explore/tags/hello/

MD5("5641c11aeb7f211ec1ac05193a687b84:8d509c28896865f8640f328f30f15721:/explore/tags/hello/")

@aleks63

aleks63 commented Apr 13, 2018

Some endpoints, like this important one, https://www.instagram.com/zuck/?__a=1,
are not available now, maybe because of this header, maybe not.
What do you think?

@bodinsamuel

You are right, for the moment I've listed a few endpoints that need that header.
I'm not using all endpoints so there are probably more, and I'm also not using this library (I use my custom one)

# profile endpoint
- /<username>/

# hashtag endpoint
- /explore/tags/<hashtag>/

# picture endpoint
- /p/<shortcode>

The main issue with this change is the need for the original gis token, which is present in the initial HTML payload but not generated. If you delete this value, the web version of Instagram actually 403s and then force-reloads the page :/

@Saiirex

Saiirex commented Apr 17, 2018

Any new info?

@ivkos
Collaborator

ivkos commented Apr 17, 2018

Has Instagram changed something again? getUserByUsername worked yesterday but started failing with 403 today.

@WINBIGFOX

getUserByUsername

calculate the x-instagram-gis
window._sharedData.rhx_gis + ':' + path

Example
MD5("5641c11aeb7f211ec1ac05193a687b84:/username/")

@jlobos
Owner Author

jlobos commented Apr 17, 2018

https://github.com/jlobos/instagram-web-api/blob/master/lib/index.js#L95-L103

  async _getGis(path) {
    const { rhx_gis, config: { csrf_token } } =
      this._sharedData || (await this._getSharedData(path))

    return crypto
      .createHash('md5')
      .update(`${rhx_gis}:${csrf_token}:${path}`)
      .digest('hex')
  }

@ivkos
Collaborator

ivkos commented Apr 17, 2018

Apparently, they've stopped using the CSRF token for the "gis" hash. I've just tried @WINBIGFOX 's suggestion, and it works.

@Saiirex

Saiirex commented Apr 18, 2018

Now I have this error:

Missing token 'user-agent' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel

My code:

```js
var variables = '{"id":"' + userId + '","first":12,"after":"' + nextId + '"}';
var nextUrl = 'https://www.instagram.com/graphql/query/?query_hash=42323d64886122307be10013ad2dcc44&variables=';

nextUrl = nextUrl + variables;

var instagramGis = md5(gis + ":" + variables);

$.ajax({
    url: nextUrl,
    beforeSend: function(request) {
        request.setRequestHeader("user-agent", window.navigator.userAgent);
        request.setRequestHeader("x-instagram-gis", instagramGis);
        request.setRequestHeader("X-CSRFToken", csrfToken);
    },
    type: 'GET',
    success: function(data){
        media = data.data.user.edge_owner_to_timeline_media;
        nodes = media.edges;
        nextId = media.page_info.end_cursor;

        var newMediaFromNode = getMediaFromNodes(nodes, false);

        $.each(newMediaFromNode, function(index, element){
            finalMedia.push(element);
        });
    },
    error: function (xhr, status, error) {
        alert(error);
    },
    async : false
});
```

any idea how to fix it?
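
Added example, not part of the thread and not code from this project: a simplified model of the CORS preflight header check that produces the error quoted in the comment above, run against the three headers that snippet sets. The function names and the `Access-Control-Allow-Headers` value are assumptions constructed for illustration; the thread does not show the server's real response.

```javascript
// Simplified model of the browser's CORS preflight header check (Fetch spec).
// Header values are not inspected, so content-type is treated as safelisted.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language', 'content-type']);

// Names the browser would send in Access-Control-Request-Headers:
// lowercased, de-duplicated, sorted, with safelisted names left out.
function unsafeHeaderNames(requestHeaders) {
  const names = Object.keys(requestHeaders).map((n) => n.toLowerCase());
  return [...new Set(names)].filter((n) => !SAFELISTED.has(n)).sort();
}

// Returns the requested names that the preflight response does not allow.
// An empty array means the header check passes.
function missingFromAllowHeaders(requestHeaders, allowHeadersValue, withCredentials) {
  const allowed = new Set(
    (allowHeadersValue || '').split(',').map((t) => t.trim().toLowerCase()).filter(Boolean)
  );
  // "*" is a wildcard only for requests without credentials,
  // and it never covers the authorization header.
  const wildcard = allowed.has('*') && !withCredentials;
  return unsafeHeaderNames(requestHeaders).filter(
    (name) => !allowed.has(name) && !(wildcard && name !== 'authorization')
  );
}

// Headers set by the snippet in the comment above (values are constructed placeholders).
const requestHeaders = {
  'user-agent': 'Mozilla/5.0 (constructed)',
  'x-instagram-gis': '00000000000000000000000000000000',
  'X-CSRFToken': 'constructed-token',
};

// Constructed Access-Control-Allow-Headers value (assumption, not taken from the thread).
const allowHeaders = 'x-instagram-gis, x-csrftoken, x-requested-with';

function demo() {
  return {
    requested: unsafeHeaderNames(requestHeaders),
    missing: missingFromAllowHeaders(requestHeaders, allowHeaders, false),
  };
}

console.log(demo());
```

Any name left in `missing` is what the browser reports as the "missing token" in its preflight error.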

@tresdosdos

There is so much new info about new headers. When will the lib be fixed? Because I use this API in my final project and this makes me mad, because I can't develop it more =(

@ivkos
Collaborator

ivkos commented Apr 21, 2018

@tresdosdos Does your project use the version from npm or the latest master branch? The master branch works fine currently but I don't think the changes have been published to npm yet. In order to use it you need to install it like this:

npm install jlobos/instagram-web-api

@tresdosdos

tresdosdos commented Apr 22, 2018 via email

@ghost

ghost commented Dec 29, 2018

[edit: delete]

@icelts

icelts commented Jan 6, 2019

Seems it's not working anymore
