Instagram Signed Call in Python

Question

I am trying to achieve a signed call to Instagram API in Python. Currently my headers looks like this :

user_agent = 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7'
headers = {
    'User-Agent': user_agent,
    "Content-type": "application/x-www-form-urlencoded"
}

I tried several permutations on the instructions given at this page (Restrict API Requests @ instagram), including the HMAC method and enabling "Enforce Signed Header" in my API settings page.

But I keep getting either a headers not found or 403 error. I just cant figure out how to properly code X-Insta-Forwarded-For

Can you please help with how to pass Signed call with header in Python?
Much appreciated...

Answer 1

This should do it for you. You'll need the Crypto python library as well.

import requests
from Crypto.Hash import HMAC, SHA256

#change these accordingly
client_secret = "mysecret"
client_ip = "127.0.0.1"

hmac = HMAC.new(client_secret, digestmod=SHA256)
hmac.update(client_ip)
signature = hmac.hexdigest()

header_string = "%s|%s" % (client_ip, signature)

headers = {
    "X-Insta-Forwarded-For" : header_string,
    #and the rest of your headers
}

#or use requests.post or del since that's the 
#only time that this header is used...just 
#conveying the concept
resp = requests.get(insta_url, headers=headers)

If you test it with the example that's given on the reference you listed, you can verify that you get the correct hash using this method

ip = "200.15.1.1"
secret = "6dc1787668c64c939929c17683d7cb74"
hmac = HMAC.new(secret, digestmod=SHA256)
hmac.update(ip)
signature = hmac.hexdigest() 
# should be 7e3c45bc34f56fd8e762ee4590a53c8c2bbce27e967a85484712e5faa0191688

Per the reference docs - "To enable this setting, edit your OAuth Client configuration and mark the Enforce signed header checkbox." So make sure you have done that too