I'm using Instagram Basic API to show media on my website via
https://graph.instagram.com/me/media?fields=id,caption,media_type,media_url&access_token=LONG_TOKEN_RECEIEVED
For that I generate a short lived token with the website of facebook developper, in Instagram Basic API section and I create a long lived token with
https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret=X&access_token=SHORT_TOKEN_RECEIEVED
My token is valid for 60 days, I want to know if there is a way to get a token which doesn't expire ?
thanks you
Related
I'm really confused what people do to get an access token for their Facebook account without going into the Facebook GraphAPI Generator? I have an account with 20 pages, when I create an 'app token', I get an error when I want to access the 'feed' endpoint in the GraphAPI so I'm guessing I have to use the short lived access token.
I have gone here to create a short lived access token: https://developers.facebook.com/tools/explorer/?method=GET&path=me%3Ffields%3Did%26&version=v10.0
then I did this to get a long-lived access token but this expires in 2 months..
response = requests.get(url=f"https://graph.facebook.com/v10.0/{client_id}/accounts?access_token={long_lived_access_token}")
print(response.json())
so my question is essentially what is the best way to get a short lived user access token without having to go into the UI?
I'm building a website that integrates Instagram Basic API to show my media posts. So far, I managed to authorize via
https://api.instagram.com/oauth/authorize?client_id=X&redirect_uri=X&scope=user_profile,user_media&response_type=code,
fetch a short-lived access token via https://api.instagram.com/oauth/access_token?client_id=X&client_secret=X&grant_type=X&redirect_uri=X&code=AUTH_CODE_RECEIEVED,
fetch a long-lived access token (as per the response I receive) via https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret=X&access_token=SHORT_TOKEN_RECEIEVED,
and lastly, show my media posts via https://graph.instagram.com/me/media?fields=id,caption,media_type,media_url&access_token=LONG_TOKEN_RECEIEVED.
However, the problem I am currently facing is that the obtained long-lived access token - which is meant to be valid for 60 days? - is expiring per hour or so. Meaning, on client-side, when I'm requesting the server to fetch media posts, using the token, the response returns with expired token exception.
I tried to use FB Access Token Debug Tool to check the token validity, and it shows that the token does indeed expire in about an hour. Why is this happening? I checked the response I'm getting from the long-lived token API, and it's a success with the token, grant_type, and expires_in fields.
Below is the screenshot of the debugger result.
.
What I'm trying to accomplish is rather straight-forward. Generate a long-lived access token that "should" be valid for 60-days use on server side. Then, I'll have to automate the token-refresh process afterwards. Any suggestions to the above issue?
Thanks in advance.
Regards,
Moh. Bokhari
The difficult part is getting a short-lived access token first; I found this useful page which explains step-by-step with screenshots on how to get a short-lived access token.
The link to the website
From the looks of the Instagram Basic Display API docs, it looks like both the auth code and access token expire after 1 hour. Is there any way to renew the access token without requiring the user to log in every time?
Link to relevant docs: https://developers.facebook.com/docs/instagram-basic-display-api/overview
Support for Long-Lived Access Tokens has been added to the Basic Display API.
Here is the documentation: https://developers.facebook.com/docs/instagram-basic-display-api/guides/long-lived-access-tokens
On my localhost, I have authenticated my user and goten a Refresh Token and Access Token using Passportjs.
I am using Google's Official Node.js library to get the Google Analytics data and it all seems to work fine.
On this GitHub issue, Justin clearly mentions that the expiry is set by Google's APIs.
How long is the refresh_token valid and at what time do i have to authorize myself again?
This is more of an Oauth2 question then a Google Analytics question.
Access tokens on google servers are good for one hour.
The refresh token does not expire and you can use it as many times as you want to request a new access token.
You should still handle invalid refresh tokens in your code. The user can revoke your access via there Google account. You can have max 50 out standing refresh tokens before the first one starts working. If i authenticate your application you will be given a refresh token if i do it again you get another refresh token there can be max 50 of them outstanding.
If the refresh token does become invalid you should just request authentication from your user again. The library you are using should be handling refreshing the access token for you.
How do we get the expiry time of the access token when using passport-oauth2? I was able to get the access token and refresh token values only. I tried multiple providers like facebook, box.
You cant get it directly, but check the official SDK doc to learn more about facbook sessions expiration. For example long life session (60 days).
Facebook login