CODEWITHSUNDEEP
oauth-2.0instagram-api
Ismael Lopez
Ismael Lopez

Reputation: 21

How to refresh access_token without a refresh_token with instagram api

I am looking to refresh my access_token for my instagram client, so that my users won't need to login every time the access token expires. Is there a way to do this without a refresh_token (the instagram api response does not contain a refresh_token).

You can see the steps laid out by instagram here: https://www.instagram.com/developer/authentication/

Here is the response object for the instagram oauth api:

{ "access_token": "fb2e77d.47a0479900504cb3ab4a1f626d174d2d", "user": { "id": "1574083", "username": "snoopdogg", "full_name": "Snoop Dogg", "profile_picture": "..." } }

I would expect for there to be a "refresh_token" field in the response so that later we can request a new "access_token".

Upvotes: 2

Views: 6172

Answers (2)

William Mai
William Mai

Reputation: 104

First, you'll need to get a long-lived access token using the regular access token (which is only valid for one hour):

curl -i -X GET "https://graph.instagram.com/access_token
  ?grant_type=ig_exchange_token
  &client_secret={instagram-app-secret}
  &access_token={short-lived-access-token}"

Then, you can refresh the long-lived token by requesting the GET /refresh_access_token endpoint using the long-lived token it-self:

curl -i -X GET "https://graph.instagram.com/refresh_access_token
  ?grant_type=ig_refresh_token
  &access_token={long-lived-access-token}"

Refreshing a long-lived token makes it valid for 60 days again.

You can check the Instagram documentation for more details.

Upvotes: 3

hermanschutte
hermanschutte

Reputation: 663

There is no way to refresh the token without the user re-authorizing with their account. There is a notice about it on the link you posted:

Even though our access tokens do not specify an expiration time, your app should handle the case that either the user revokes access, or Instagram expires the token after some period of time. If the token is no longer valid, API responses will contain an “error_type=OAuthAccessTokenException”. In this case you will need to re-authenticate the user to obtain a new valid token. In other words: do not assume your access_token is valid forever.

Upvotes: 1

Related Questions