Monday, September 17, 2018

Retrieve Instagram profile information using oAuth 2.0 and the Instagram API



In the early days, for a third-party service to collect protected user information, the user had to give that service the credentials of the account holding the information, or enter the information again. This is not a secure method. As a solution to this problem, the oAuth protocol was introduced in 2006.

What is oAuth?

oAuth is a delegated framework for authorization. The name stands for open authorization. oAuth allows an end user's account information to be used by third-party services like Facebook, Instagram, Foursquare, etc. The value of this method is that users do not have to expose their account username or password to the third-party service. The OAuth 2.0 authorization framework enables third-party applications to obtain limited access to a web service. For more information about oAuth 2.0, visit https://oauth.net/


How oAuth 2.0 works in Instagram.



Before you start coding, you need to create a developer account at https://www.instagram.com/developer. If you are already an Instagram user, you can log in.

Then you need to register your application to receive a client id and client secret. Click the Register Your Application button.

After logging in, click Register a New Client.


On the next screen, fill in the details and click Register.


  • Application Name - Enter your application name. The application name cannot contain Instagram, IG, Insta or gram words.
  • Description - Add a description.
  • Company name - Your company name.
  • Website URL - your website URL.
  • Valid redirect URL - Enter the redirect URL. This is the URL to which the response will be redirected.
  • Privacy Policy URL - your privacy policy URL
  • Contact email - your contact email.
Now you can see your application is registered successfully.

To view more details, click the manage button.

Now the application registration is complete. The next thing you need to do is implement the client application.

Obtain Access token.

There are two ways to obtain an access token from Instagram.
  • Implicit flow.
    • Instead of handling a code, Instagram includes the access_token as a fragment (#) in the URL. This method is less secure, but allows applications without any server component to receive an access_token.
  • Server-side (Explicit) flow. (Recommended)
    • Redirect the user to a URI of your choice. Take the provided code parameter and exchange it for an access_token by POSTing the code to Instagram's access_token URI.
Here I'm using the server-side flow to get the access token, because this method has better security than the implicit method.

As the first step, we need to get the authorization code. For this, we need to send a GET request.

https://api.instagram.com/oauth/authorize/?client_id={CLIENT-ID}&redirect_uri={REDIRECT-URI}&response_type=code&scope=basic

client_id - Your client id. You can find it in the application you created.
redirect_uri - The redirect URI we entered when creating the application. (http://localhost:8080/callback)
scope - Here we enter what the client needs to get from the account. By default it uses the basic permission. To add multiple scopes, use the + sign (scope=comments+likes). There are six permission types.
  • basic - can access basic details only. (your media & profile info)
  • public_content - (your media & profile info and media & profile info of public users)
  • comments - (your media & profile info and access to post and delete comments on your behalf)
  • relationships - (your media & profile info and access to follow and unfollow accounts on your behalf.)
  • likes - (your media & profile info and post and delete likes on your behalf)
  • follower_list - (your media & profile info and your follower & following lists)
response_type - This is how we receive the authorization code. There are two response types.
  • Code (used with the explicit flow)
  • Token (used with the implicit flow. This directly gives the access token. If you use this as the response type, you have to enable implicit oAuth on the created client.)
Since we are using the explicit flow, we use code as the response type for this example. Now you will be redirected to the Instagram login page. Enter your credentials and log in. Now you will see a page like the one below. Click Authorize. (If you are already logged in, you will receive the following page directly, without the login page.)
As a result, you will receive a URI like the one below.


The authorization code is highlighted in the above picture. Keep this code safe, because we need this code to get the access token.

The next step is requesting the access token. For this, we have to send a POST request. The POST request should contain the following parameters.
  • client_id - your client id.
  • client_secret - your client secret.
  • grant_type - what is the grant type.
  • redirect_uri - redirect URI. (callback URI)
  • code - code received from the authorization request.

If the POST request succeeds, you will see a JSON response like the one below.

{ "access_token": "fb2e77d.47a0479900504cb3ab4a1f626d174d2d", "user": { "id": "1574083", "username": "snoopdogg", "full_name": "Snoop Dogg", "profile_picture": "..." } }
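The server-side flow described above, sketched as an added example (not code from the original post): it builds the authorization request, validates the redirect that comes back, and prepares the fields for the token POST without making any network call. The `state` parameter is an assumption that the post does not mention (it is the standard OAuth 2.0 CSRF defence from RFC 6749), `authorization_code` is the standard OAuth 2.0 grant type value rather than one given in the post, and the client id and secret are placeholders.

```python
import secrets
from hmac import compare_digest
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://api.instagram.com/oauth/authorize/"  # from the post
REDIRECT_URI = "http://localhost:8080/callback"               # from the post
CLIENT_ID = "CLIENT-ID"          # placeholder
CLIENT_SECRET = "CLIENT-SECRET"  # placeholder; keep it on the server only


def build_authorize_url(scopes=("basic",)):
    """Return (url, state). Store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": " ".join(scopes),  # urlencode writes the space as '+'
        "state": state,             # assumption: not in the post (RFC 6749)
    })
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect, then return the form fields for the token POST."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(parts.query)
    if "error" in params:  # e.g. the user declined instead of authorizing
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not expected_state or not compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback did not start in this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "grant_type": "authorization_code",  # standard OAuth 2.0 value
        "redirect_uri": REDIRECT_URI,
        "code": codes[0],
    }
```

Send the returned fields as the POST body from your server, not from the browser, so that client_secret never reaches the client.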

Now, to request information, you can use the received access token as shown below.

https://api.instagram.com/v1/users/self/?access_token={ACCESS-TOKEN}

For more information, please refer to the API documentation.

1 comment:

  1. Great blog. All posts have something to learn. Your work is very good and I appreciate you and hoping for some more informative posts. Retrieve Company Info
