Investigate porting instafeed.js to the new OpenGraph API

[benjamin-hull]

Currently this issue is just to collect information regarding the new API and what it would involve to update instafeed.js to use it.

[benjamin-hull]

Creator Accounts

Currently the docs state that a Creator Account is needed to access the OG API.

Business and Personal accounts can be converted to a Creator account, but as of today, converting to Creator accounts is not available to everyone (from the link):

The Creator Account is slowly rolling out as an option for all users on Instagram.

Converting a Private Personal to a Creator account will make it public, and all follow requests will be automatically accepted:

If your personal account is private, completing these steps will make it public. Note that all pending follow requests will be automatically accepted when you go public.

[benjamin-hull]

Authentication with Facebook

From: https://developers.facebook.com/docs/instagram-api/overview#authentication

The Instagram Graph API is built on the Facebook Graph API.

All endpoint requests must include a Facebook User access token. However, unlike Facebook users, Instagram users cannot grant your app access tokens directly. Instead, they must connect their Instagram Business Account or Instagram Creator Account to a Facebook Page. Once connected, any Facebook User who is able to perform Tasks on behalf of that Page will be able to grant your app a User access token, which you can then include in API requests.

Page tokens are not supported.

So, at the very least someone wanting to use an OGAPI version of instafeed would need to be able to access an IG Creator account, a Facebook Page, and a Facebook User account to hook everything up.

Access tokens

From here: https://developers.facebook.com/docs/facebook-login/access-tokens/#usertokens

User access tokens come in two forms: short-lived tokens and long-lived tokens. Short-lived tokens usually have a lifetime of about an hour or two, while long-lived tokens usually have a lifetime of about 60 days. You should not depend on these lifetimes remaining the same - the lifetime may change without warning or expire early.

Access tokens generated via web login are short-lived tokens, but you can convert them to long-lived tokens by making a server-side API call along with your app secret.

So, if we imagine some tool which guides the implementer through the token generator process, this tool would also need to make a server-side call to convert the short-lived token to a long lived one. This can't be done from the browser, because it requires the app secret, which must be kept secure.

[benjamin-hull]

Permissions to access posts

The Instagram Public Content Access API appears to allow access to public IG posts, but the 'allowed usage' list significantly doesn't mention embedding or re-publishing. It doesn't say it's disallowed, either.

The only other reference I can find to a permission which allows media access (access to IG posts themselves) is: https://developers.facebook.com/docs/apps/review/login-permissions#instagram-manage-comments - which is for managing comments, which I guess requires being able to retrieve posts.

[stevenschobert]

Thanks for gathering up this research @benjamin-hull 🎉 I'll keep my eye on this thread as you continue to look into it.

[dalemartyn]

Looks like there is a new "Instagram Basic Display API", that won't require a creator account or facebook page to get basic instagram data (user profile, images).

But I don't know how it would work for something like instafeed.js, as access tokens only last for 1hr https://developers.facebook.com/docs/instagram-basic-display-api/getting-started

[benjamin-hull]

Thanks @dalemartyn - that does look promising (or at least, as promising as anything else). You're right - the issue with the access tokens is a big one. It basically means that a front-end only approach is off the table, and a server-side component would be needed to maintain fresh tokens for each instance of instafeed.js.

That's not impossible, but it's a big change from what instafeed.js currently is (and why people like it so much, IMO).

[benjamin-hull]

One other limitation according to these docs is that stories are not supported by the basic display API. Media collections are, so I don't know if the images/videos in a story would be exposed as a collection or not.

[benjamin-hull]

This is an interesting comment: https://developers.facebook.com/community/threads/380201796221875/ regarding the Basic Display API:

Also the token can only be used once in an hour, funny?

This sounds like the token is single use, and then can't be renewed for an hour, which is a totally different thing to a token with a lifetime of one hour. I'll see if I can find any more info on that.

[benjamin-hull]

More info: https://developers.facebook.com/community/threads/560755597993087/

The IDs are now app-scoped, which means that your ids will not be the same for other apps. Additionally, you're not allowed to use the new Basic API to sign in users.

Seems to suggest that the user ID would need to be generated by an instafeed.js service, not just copied in from elsewhere as has been done previously.

[guptashivansh]

Hi @benjamin-hull ,
Please look at this too.
https://developers.facebook.com/docs/instagram-basic-display-api/guides/long-lived-access-tokens .

The token would need to be saved and refreshed every 60 days making it difficult to implement and use as the current version of instafeed js.

[montemartin]

I just started looking for a solution to displaying and Insta feed yesterday, so I don't have a lot of historical knowledge about the API or Instafeed. That said, I'd love to help get this update in place if possible. I need a solution and I'd rather use something successful than build it entirely from scratch.

I ran across this article announcing the "long-lived access token" just this week, so it seems like something brand new. I can confirm that I was able to follow the basic display tutorial with a test FB app and get a token with a 60 day expiration.

The bigger issue here is probably seems to be the limitations of data returned by the Basic Display API. For my use case (display images from a single user) it's enough, but I don't see any way to access some of the other data necessary for Instafeed, (no query for hashtags, doesn't return comments, likes, or location).

[benjamin-hull]

Thanks @montemartin - I'd seen the long-lived tokens before, but that post does give more detail, and also includes the all-important shut-down date for the legacy API (March 2).

I think most current users of instafeed.js share your use-case of showing media from a single user which they control or have access to. If instafeed.js was limited to only this case, my opinion is that it would still be useful and worthwhile. Obviously this is @stevenschobert's project, but the discussions we've had make me think he'd likely agree with that.

The fundamental obstacle we face is that even the basic display API requires some server-side component to handle creating and refreshing tokens. The legacy tokens would work basically forever (though they weren't guaranteed), so having a manual, once-off process to create them was viable. Needing an initial token, plus a once-every-60-days-but-only-after-24-hours refresh rules out that approach.

As I see it, the options we have currently are:

1. Add a server-side component that users would self-host. Next question: Which platform(s)/languages(s) to build it in?
2. Create a central Instagram API token service that instafeed.js could talk to for its tokens. Next questions: Who wants to build and maintain that, and how much would it cost users? (Practically speaking, it couldn't be free)

Speaking for myself, neither of these "feel like instafeed.js", so whether a service like this should be a new thing or be called "instafeed" is another question to answer.

[euidong]

It's simple example get feed from new facebook API.

if you get long-term access token, this example will help you :)

Example

[dalemartyn]

Just seen this on instagram.com/developer:

Q: I'm using the Instagram Legacy API to just display my personal Instagram Feed on my personal website. Can I do this on the Instagram Graph API?
A: Yes, you may do this with the User Token Generator on the Instagram Basic Display API. The User Token Generator does not require App Review, but it will only work for your owned Instagram accounts (i.e. accounts for which you know the login credentials). Please refer to the developer documentation to learn more. If you're using the Legacy API to display multiple accounts on your website, then you must apply for permissions to Instagram Basic Display API via App Review. If you're using the Legacy API for any other use case, you must apply for permissions on the Instagram Graph API platform via App Review.

So you can generate long-lived access tokens without implementing an OAuth flow if you simply want to display media on your own website. Although I think you'd still want a server component to save and refresh the access tokens as they last for 60 days, and you wouldn't want it to be public.

[benjamin-hull]

Instafeed v2 now supports the new Basic Display API. Thanks for all the helpful feedback, folks!