I need help for creating the REST endpoints. There are couple of activities :
To change the email there are 3 URL requests required:
/changeemail : Here one time password (OTP) is sent to the user's mobile
/users/email : the user sends the one time password from previous step and system sends the email to the new user to click on the email activate link
/activateemail : user clicks on the link in the new email inbox and server updates the new email
To change password :
/users/password (PATCH) : user submits old password and new password and system accordingly updates the new password
Similarly, there are other endpoints to change profile (field include bday, firstname and last name)
after reading online I believe my system as only users as the resource --> so to update the attributes I was thinking of using a single PATCH for change email and change password and along with that something like operation field so the above two features will look like :
For changing email :
operation : 'sendOTPForEmailChange'
operation : 'sendEmailActivationLink'
operation : 'activateEmail'
For changing password :
operation : 'changePassword'
and I will have only one endpoint for all the above operations that is (in nodejs) :
app.patch('/users', function (req, res) {
// depending upon the operation I delegate it to the respective method
if (req.body.operation === 'sendOTPForEmailChange') {
callMethodA();
} else if (req.body.operation === 'sendEmailActivationLink') {
callMethodB();
} else if (req.body.operation === 'activateEmail') {
callMethodC();
} else if (req.body.operation === 'changePassword') {
callMethodC();
} else sendReplyError();
});
Does this sound a good idea ? If not, someone can help me form the endpoints for changeemail and changepassword.
Answer :
I finally settled for using PATCH with operation field in the HTTP Request Body to indicate what operation has to be performed.
Since I was only modifying a single field of the resource I used the PATCH method.
Also, I wanted to avoid using Verbs in the URI so using 'operation' field looked better.
Some references I used in making this decision :
Wilts answer link here
Mark Nottingham' blog link article
and finally JSON MERGE PATCH link RFC
You should make the links that define the particular resource, avoid using PATCH and adding all the logic in one link keep things simple and use separation of concern in the API
like this
1- /users/otp with HTTP Verb: GET -> to get OTP for any perpose
2- /users/password/otp with HTTP Verb: POST -> to verify OTP for password and sending link via email
3- /users/activate with HTTP Verb: POST to activate the user
4- /users/password with HTTP Verb: PUT to update users password
Hashing Security is a must read, IMHO, should you ever want to implement your own user account system.
Two-factor identification should always be considered, at least as an opt-in feature. How would you integrate it into your login scheme ?
What about identity federation ? Can your user leverage their social accounts to use your app ?
A quick look at Google yielded this and this, as well as this.
Unless you have an excellent reason to do it yourself, I'd spend time integrating a solution that is backed by a strong community for the utility aspects of the project, and focus my time on implementing the business value for your customers.
NB: my text was too long for the comments
Mostly agree with Ghulam's reply, separation of concerns is key. I suggest slightly different endpoints as following:
1. POST /users/otp -> as we are creating a new OTP which should be returned with 200 response.
2. POST /users/email -> to link new email, request to include OTP for verification.
3. PUT /users/email -> to activate the email.
4. PUT /users/password -> to update users password.
This has really been bugging me for some time so any help to confirm or affirm this is much appreciated! This is also the first time I actually post a question despite being developing for a long time :)
So I have a nodejs app integrating with the Google Drive API and I want users to authorize multiple Google Drive accounts and be able to view and open (and in general just interact with) all files from the accounts that they add.
I authorize my app using the highest available scope: https://www.googleapis.com/auth/drive and because I don't want users to have to sign-in again when the access_token runs out so I also include the approval_prompt: "force" and ``access_type: "offline"` when I request my access tokens.
Everything is fine - I authorize nicely, I can delete files, I can open them, I can share them, I can download them. Except for one thing:
If I e.g. authorize horse#gmail.com and then beaver#gmail.com. Then I can still delete, share, download and preview files from both accounts. But I simply cannot open documents from horse#gmail.com in google docs for editing (because beaver#gmail.com is signed in on my local machine). The best I can do is getting to a point where it shows me the document, with the right account logged in in the top right corner of the screen, but asks me to sign-in with a button. When I click the button it just refreshes and give me the same message and the same screen.
What I've tried is:
Simply redirecting the user to the file resources alternateLink from the API
Taking the alternateLink and appending my access_token to it and then redirect the user to it.
(and a ton of other random things I found various places that didn't work).
In both cases I have also tried signing out from all google accounts.
Now I checked a couple of webservices like Jollicloud and Odrive that tries something similar. However, both of them appear to force the user to login to google to access a file.
Is it really true that you can do all kinds of crazy things with the users files like deleting and downloading, but you can't open them in Google Docs own apps?
Not completely sure what kind of code I should add to show you what I've got. But here's some. This is my open action (what happens when the user clicks on a file and wants to open the file in the Google Docs/Sheet/etc.) (the orientdb stuff is because we're using the OrientDB graph database - it just fetches an account where we store the tokens). The link is the link property of the file (see below):
open: function(req,res,next){
var link = req.param("link");
var uid = req.param("uid");
orientdb.select().from('Account').where({uid: uid}).one()
.then(function(account){
var URL = link + "&access_token=" + account.tokens.access_token;
res.redirect(URL);
});
}
Here's an example file document from our database (I've replaced all compromising data with a descriptive
ODocument - Class: File id: #13:20499 v.6
name : Hummer2
service : Gdrive
kind : Google Doc
created : Nov 17, 2014
changed : Nov 17, 2014
users : [MB]
uid : mrb#flowtale.com
childID : <FILE.ID>
exportLinks : {DOCX=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=docx, Open Office doc=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=odt, Rich text=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=rtf, HTML=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=html, Plain text=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=txt, PDF=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=pdf}
usernames : [<ARRAY OF USERNAMES ASSOCIATED WITH THIS FILE>]
in_hasFile : User#11:0{out_hasFile:[size=2237],out_hasAccount:[size=4],username:null,email:h#h.com,password:<SOME ENCRYPTED PASSWORD>} v2244
out_belongsTo : Account#12:3{in_belongsTo:[size=6],type:Gdrive,uid:<SOME UID>,tokens:{access_token=<OUR ACCOUNT ACCESS TOKEN>, token_type=Bearer, refresh_token=<OUR ACCOUNT REFRESH TOKEN>, expiry_date=1416258913290},rootFolderID:<ROOT FOLDER ID>,email:<THE ACCOUNT EMAIL>,filesCached:2,usersCached:2,job:4,in_hasAccount:#11:0} v15
in_folderContains : File#13:20495{out_folderContains:[size=2],name:Testhest,service:Gdrive,kind:folder,created:Oct 12, 2014,changed:Oct 12, 2014,users:[1],link:https://docs.google.com/a/flowtale.com/folderview?id=<FOLDER.ID>&usp=drivesdk,uid:mrb#flowtale.com,childID:<FOLDER.ID>,exportLinks:{},usernames:[1],parents:[1],in_hasFile:#11:0,out_belongsTo:#12:3,in_folderContains:#13:13891} v36
link : https://docs.google.com/a/flowtale.com/document/d/<FILE.ID>/edit?usp=drivesdk
Looking forward to hear if anybody can help me or have experienced this before.
Thanks!
The API will allow you to do several actions in your drive account. I haven't been able to reproduce the behavior you mention with files that I haven't granted permissions to another account.
When you authenticate through the OAuth process, you will grant access to your account only to the application which created the OAuth request. You can not edit the content of a file without manually opening it through GDocs. Therefore, when the browser opens the AlternateUrl, it will require you to login to the account, in order to access the file.
I'm in the process of embedding my image feed in my website using JSON, the URL needs my user id so I can retrieve this feed.
So, where can I find/get my user id?
Update in Jun-5-2022, Instagram API no longer use Bearer Token for authentication. But I find another useful API. All you need is added extra header X-IG-App-ID with "magic value".
https://i.instagram.com/api/v1/users/web_profile_info/?username=therock
Use can use my docker container Insta-Proxy-Server to bypass the authentication.
https://hub.docker.com/repository/docker/dockerer123456/insta-proxy-server
Demo video (I just run directly from source code): https://www.youtube.com/watch?v=frHC1jOfK1k
Update in Mar-19-2022, the API is require login now. Sorry for the bad news.
But we can solve this problem in two ways.
Using my C# lib, login using your account (without any Instagram app token stuff and graph api.)
In case the lib failed (I'm no longer maintain it long time ago), create a proxy server with logged in instagram account.
[Your app] --> [Proxy server] --> [Instagram] --> [Proxy server] -(forward)-> [Your app]
For Proxy server, you can use Nodejs app which install Chromium headless module (Puppeteer for example), logged in with an instagram account.
Proof of concept:
https://www.youtube.com/watch?v=ZlnNBpCXQM8
https://www.youtube.com/watch?v=eMb9us2hH3w
Update in June-20-2019, the API is public now. No authentication required.
Update in December-11-2018, I needed to confirm that this endpoint still work.
You need to login before sending request to this site because it's not public endpoint anymore.
Update in Apr-17-2018, it's look like this endpoint still working (but its not public endpoint anymore), you must send a request with extra information to that endpoint. (Press F12 to open developer toolbar, then click to Network Tab and trace the request.)
Update in Apr-12-2018, cameronjonesweb said that this endpoint doesn't work anymore. When he/she trying to access this endpoint, 403 status code return.
You can get user info when a request is made with the url below:
https://www.instagram.com/{username}/?__a=1
E.g:
This url will get all information about a user whose username is therock
https://www.instagram.com/therock/?__a=1
Enter this url in your browser with the users name you want to find and your access token
https://api.instagram.com/v1/users/search?q=[USERNAME]&access_token=[ACCESS TOKEN]
Working solution without access token as of October-14-2018:
Search for the username:
https://www.instagram.com/web/search/topsearch/?query=<username>
Example:
https://www.instagram.com/web/search/topsearch/?query=therock
This is a search query. Find the exact matched entry in the reply and get user ID from the entry.
Easily Get USER ID and User Details
https://api.instagram.com/v1/users/search?q=[ USER NAME ]&client_id=[ YOU APP Client ID ]
For Example:
https://api.instagram.com/v1/users/search?q=zeeshanakhter2009&client_id=enter_your_id
Result:
{"meta":{"code":200},"data":[{"username":"zeeshanakhter2009","bio":"http://about.me/zeeshanakhter","website":"http://zeeshanakhter.com","profile_picture":"http://images.ak.instagram.com/profiles/profile_202090411_75sq_1377878261.jpg","full_name":"Zeeshan
Akhter","id":"202090411"}]}
Most of the methods are obsolete since June, 1/2016 api changes
Below worked for me,
access instagram on your browser say chrome, safari or firefox.
Launch developer tools, go to console option.
on command prompt enter below command and hit enter:
window._sharedData.entry_data.ProfilePage[0].user.id
If you are lucky, you will get at first attempt, if not, be patient, refresh the page and try again. keep doing until you see user-id. Good luck!!
Instead of using the API, one can examine the Instagram userpage to get the id. Example code in PHP:
$html = file_get_contents("http://instagram.com/<username>");
$doc = new DOMDocument();
$doc->loadHTML($html);
$xpath = new DOMXPath($doc);
$js = $xpath->query('//body/script[#type="text/javascript"]')->item(1)->nodeValue;
$start = strpos($js, '{');
$end = strrpos($js, ';');
$json = substr($js, $start, $end - $start);
$data = json_decode($json, true);
$data = $data["entry_data"]["UserProfile"][0];
# The "userMedia" entry of $data now has the same structure as the "data" field
# in Instagram API responses to user endpoints queries
echo $data["user"]["id"];
Of course, this code has to be adapted if Instagram changes its page format.
Currently there is no direct Instagram API to get user id from user name. You need to call the GET /users/search API and then iterate the results and check if the username field value is equal to your username or not, then you grab the id.
I wrote this tool for retrieving Instagram IDs by username: Instagram User ID Lookup.
It utilizes the python-instagram library to access the API and includes a link to the source code (written on Django), which illustrates various implementations of the Instagram API.
Update: Added source code for port to Ruby on Rails.
I tried all the aforementioned solutions and none works. I guess Instagram has accelerated their changes. I tried, however, the browser console method and played around a bit and found this command that gave me the user ID.
window._sharedData.entry_data.ProfilePage[0].graphql.user.id
You just visit a profile's page and enter this command in the console. You might need to refresh the page for this to work though. (I had to post this as an answer, because of my low reputation)
You need to use Instagrams API to convert your username to id.
If I remember correctly you use users/search to find the username and get the id from there
Most of these answers are invalid after the 6/1/2016 Instagram API changes. The best solution now is here. Go to your feed on instagram.com, copy the link address for any of your pictures, and paste it into the textbox on that page. Worked like a charm.
to get your id, make an authenticated request to the Instagram API users/self/feed endpoint. the response will contain, among other data, the username as well as the id of the user.
Go to the api console & copy link https://api.instagram.com/v1/users/self in text field and authenticate using your instagram id & password, you will get your id in response
This can be done through apigee.com Instagram API access here on Instagram's developer site. After loging in, click on the "/users/search" API call. From there you can search any username and retrieve its id.
{
"data": [{
"username": "jack",
"first_name": "Jack",
"profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_66_75sq.jpg",
"id": "66",
"last_name": "Dorsey"
},
{
"username": "sammyjack",
"first_name": "Sammy",
"profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_29648_75sq_1294520029.jpg",
"id": "29648",
"last_name": "Jack"
},
{
"username": "jacktiddy",
"first_name": "Jack",
"profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_13096_75sq_1286441317.jpg",
"id": "13096",
"last_name": "Tiddy"
}]}
If you already have an access code, it can also be done like this:
https://api.instagram.com/v1/users/search?q=USERNAME&access_token=ACCESS_TOKEN
Well you can just call this link
http://jelled.com/ajax/instagram?do=username&username=[USER_NAME_GOES_HERE]&format=json
Although it's not listed on the API doc page anymore, I found a thread that mentions that you can use self in place of user-id for the users/{user-id} endpoint and it'll return the currently authenticated user's info.
So, users/self is the same as an explicit call to users/{some-user-id} and contains the user's id as part of the payload. Once you're authenticated, just make a call to users/self and the result will include the currently authenticated user's id, like so:
{
"data": {
"id": "1574083",
"username": "snoopdogg",
"full_name": "Snoop Dogg",
"profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_1574083_75sq_1295469061.jpg",
"bio": "This is my bio",
"website": "http://snoopdogg.com",
"counts": {
"media": 1320,
"follows": 420,
"followed_by": 3410
}
}
If you are using implicit Authentication must have the problem of not being able to find the user_id
I found a way for example:
Access Token = 1506417331.18b98f6.8a00c0d293624ded801d5c723a25d3ec
the User id is 1506417331
would you do a split single seperated by . obtenies to acces token and the first element
I think the best, simplest and securest method is to open your instagram profile in a browser, view source code and look for user variable (ctrl+f "user":{") inside main javascript code. The id number inside user variable should be your id.
This is the code how it looked in the moment of writing this answer (it can, and probably will be changed in future):
"user":{"username":"...","profile_picture":"...","id":"..........","full_name":"..."}},
Here is how you can retrieve your user id from a username:
$url = "https://api.instagram.com/v1/users/search?q=[username]&access_token=[your_token]";
$obj = json_decode(#file_get_contents($url));
echo $obj->data[0]->id;
You can do this by using Instagram API ( User Endpoints: /users/search )
how-to in php :
function Request($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
function GetUserID($username, $access_token) {
$url = "https://api.instagram.com/v1/users/search?q=" . $username . "&access_token=" . $access_token;
if($result = json_decode(Request($url), true)) {
return $result['data'][0]['id'];
}
}
// example:
echo GetUserID('rathienth', $access_token);
Here is a really easy website that works well for me:
http://www.instaid.co.uk/
Or you can do the following replacing 'username' with your Instagram username
https://www.instagram.com/username/?__a=1
Or you can login to your Instagram account and use google dev tools and look at the cookies that have been stored. 'ds_user_id' is your user ID
Working Solution December 14, 2020
For simple usage like 3rd party tools that require an Instagram user ID (like embedding an image feed) I tend to use:
https://www.thekeygram.com/find-instagram-user-id/
because it makes it really easy to copy and paste the Instagram user ID that I am looking for. Unlike most tools I get the results fast, it's free and there are no ads. I recommend you watch the youtube video before using it so you can see how simple it is and get an idea of how it's used:
https://www.youtube.com/watch?v=9HvOroY-YBw
For more advanced usage I recommend:
https://www.instagram.com/{username}/?__a=1
(replace username with the requested username)
For example to find the user ID of the username "instagram" you would use:
https://www.instagram.com/instagram/?__a=1
This is the most advanced way which returns a JSON response and it's great if you are building an app that requires the raw data. You can save it in a database or build some type of front end UI to display it. Example: for a dashboard or on a website. Also, using the url is great because you can get additional attributes about users such as their total follower count and profile bio.
Since adding ?__a=1 to a profile URL is not working anymore to get a user ID from a username, we can do it with cURL and jq (the new API endpoint can be found in the network requests of Instagram web version, for example with Firefox Developer Tools):
curl -s 'https://i.instagram.com/api/v1/users/web_profile_info/?username=alanarblanchard' -H 'X-IG-App-ID: 936619743392459' | jq -r .data.user.id
If you are using Instagram in a web browser, you don't need to use the command above and can check the response of the HTTP request directly.
You may also be interested in finding the username from a user ID, in case someone changes frequently the username. I added an answer here: Instagram get username from userId
https://api.instagram.com/v1/users/search?q="[USERNAME]"&access_token=[ACCESS TOKEN]
Please notice the quotation marks.
This does not always return a valid result but more often than non-quoted one:
https://api.instagram.com/v1/users/search?q="self"&count=1&access_token=[ACCESS TOKEN]
returns user "self" (id: 311176867)
https://api.instagram.com/v1/users/search?q=self&count=1&access_token=[ACCESS TOKEN]
returns user "super_selfie" (id: 1422944651)
Working solution ~2018
I've found that, providing you have an access token, you can perform the following request in your browser:
https://api.instagram.com/v1/users/self?access_token=[VALUE]
In fact, access token contain the User ID (the first segment of the token):
<user-id>.1677aaa.aaa042540a2345d29d11110545e2499
You can get an access token by using this tool provided by Pixel Union.
Python solution with Instaloader external library (install it first with pip)
import instaloader
YOUR_USERNAME = "Your username here"
USERNAME_OF_INTEREST = "Username of interest here"
L = instaloader.Instaloader()
L.interactive_login(YOUR_USERNAME)
profile = instaloader.Profile.from_username(L.context, USERNAME_OF_INTEREST)
print(profile.userid)
With this kind of questions about constantly changing private APIs, I recommend to rely on actively developing libraries, not on the services or answers.
First Create an Application on Instagram and get Client Id for your application
http://instagram.com/developer/
Now just copy paste following Url into browser window by replacing your Username and your Client Id
https://api.instagram.com/v1/users/search?q=[Your-username]&client_id=[Your-Client-Id]
you will get a Json Result containing General Information about your account along with your Numeric user Id
UPDATED 2021
Just go to Facebook Apps choose your app connected with Instagram and you will see your Instagram ID: ********
Note https://www.instagram.com/{username}/?__a=1 was NOT working for me, so this is not a solution in 2021 if you want to use the Instagram Graph API
As of june 2022, you can to run or intercept a special HTTP request in order to successfully get the user data (and user ID). If you use Puppeteer, you can intercept the request that Instagram makes in the browser, and read its response. Example code:
const username = 'user.account';
const page = await browser.newPage();
const [foundResponse] = await Promise.all([
page.waitForResponse((response) => {
const request = response.request();
return request.method() === 'GET' && new RegExp(`https:\\/\\/i\\.instagram\\.com\\/api\\/v1\\/users\\/web_profile_info\\/\\?username=${encodeURIComponent(username.toLowerCase())}`).test(request.url());
}),
page.goto(`https://instagram.com/${encodeURIComponent(username)}`),
]);
const json = JSON.parse(await foundResponse.text());
console.log(json.data.user);
See discussion here: https://github.com/mifi/SimpleInstaBot/issues/125#issuecomment-1145354294
See also working code here: https://github.com/mifi/instauto/blob/2de64d9a30dad16c89a8c45f792e10f137a8e6cb/src/index.js#L250