Our business use case requires Instagram auth, and media fetch as mandatory. Some users get the screen on auth where they can optionally uncheck the media, and this does not go well with our business use case. Is there a possibility to have Instagram media checked as mandatory on auth? It would be perfect for us if the user did not have the possibility to uncheck it. Otherwise, he/she should not even be able to access our app.
We are starting the authorization process with the following code:
const scope = ['user_profile', 'user_media']
window.open(`https://api.instagram.com/oauth/authorize?client_id=${clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code`, 'name', 'toolbar=no,menubar=no,width=350,height=550,top=150,left=250')
Currently when using instagram access token by the url "https://www.instagram.com/oauth/authorize/?client_id=[id]&redirect_uri=http://localhost:3000&response_type=token&scope=public_content" I have such an error
"This request requires scope=public_content, but this access token is not authorized with this scope. The user must re-authorize your application with scope=public_content to be granted this permissions."
I observed the internet and found that scope query part should be added to the end of API URL. That is how I constructed my url. But as you see it resulted in error.
I tried to find out the reason on app permissions page. There is a button "Start submission". I clicked it and got the list of radio buttons. But when I clicked on " I want to display my Instagram posts on my website." then I got:
You do not need to submit for review for this use case. If you are a developer and you want to display Instagram content on your website, then you do not need to submit your app for review. By using a client in sandbox mode, you can still access the last 20 media of any sandbox user that grants you permission.
So I finally got lost. Looks like the solution is pretty simple because in instafeed.js plugin no more information is provided. But I can not resolve it by myself.
change your scope to basic should work.
The link has 'public_content'
https://www.instagram.com/oauth/authorize/?client_id=&redirect_uri=http://localhost:5000&response_type=token&scope=basic
The docs say (step 4):
In the App Review for Instagram section, click Add to Submission for each permission your App will need from its Users. instagram_basic is required. instagram_manage_comments, instagram_manage_insights, and instagram_content_publish are optional.
Scroll to the bottom of the page, and in the Current Submission sub-section, for each submission, click its View Notes link.
In the View Notes dialogue for each permission submission, provide a description for how you will use the data returned by any endpoints that require the permission, and a screencast showing how your app will use the data.
Once you've completed your notes for all of your permission submissions, click the Submit For Review button at the bottom of the page. Note that this is separate from your App Review, which you will do after testing.
After you've added both Facebook Login and Instagram API products to your app configuration, add Facebook Login to your app and record a screencast showing how you will use data returned by the Instagram API. This is similar to the Facebook Login screencast but with Instagram data, so the same guidelines apply.
Step 5:
Once you've been notified that your Instagram API product submission has been approved, you can use the Graph API Explorer to test your app.
With Facebook Login I can create an app that works in sandbox mode. Which lets me create a screencast. To be able to use Instagram Graph API (on a site) I need (from what I can gather):
Facebook Page linked to Instagram Business Account
an app icon
a privacy policy page
a site with working Facebook Login
description of how each permission is going to be used
screencast of... what exactly? of a site that is basically ready, but instead of fetching data from Instagram, it has them hardcoded in the code?
Or there is a sandbox mode after all?
UPD I've highlighted the important parts in the quotes above. Then:
5. Test Your App
Once you've been notified that your Instagram API product submission has been approved, you can use the Graph API Explorer to test your app.
Go to the Graph API Explorer...
The first call you will make is to the Graph API's /user/accounts edge...
Locate the Page that you connected to the Instagram Business Account and click its ID...
Next, [make /page?fields=instagram_business_account request].
This is where I get empty response in Graph API Explorer (only id field is returned), or:
200:- OAuthException:(#200) Access to this data is temporarily disabled for non-active apps or apps that have not recently accessed this data due to changes we are making to the Facebook Platform. https://developers.facebook.com/status/issues/205942813488872/
GET /...?fields=instagram_business_account HTTP/1.1
on my site. Which requests to Instagram Graph API can I make before passing reviews (Instagram App Review, and Facebook App Review)?
It looks like the documentation that Facebook provides is somewhat misleading. You can actually use Instagram Graph API via Graph API Explorer (or by sending GET requests from your code) in a very limited way accessing only your instagram business account BEFORE you get initial approval described in Step 4.
Steps:
Open Graph API Explorer.
First, you need to add extra permissions in the "Access Token" section. There is a "Add a Permission" drop down on the bottom of that section. Open that drop down and select: instagram_basic, manage_pages, business_management permissions. Depending on what you are trying to do, you may need other permissions as well (e.g. instagram_manage_comments, ads_management, manage_pages).
Once you selected the extra permissions, click on the "Get Access Token" button.
Now, you have access token with correct permissions and you should be able to execute instagram_business_account request. This will return the instagram id of your business account, which you can then use for other requests.
After going through these steps, I'm able to get media for my business account via Instagram Graph API, although I'm still trying to figure out why tags request returns empty list.
Go to your app dashboard from your developer account:
https://developers.facebook.com/apps/APP_ID/dashboad
Go to: Roles -> Test Users.
Edit one of the test users to change its password to what you want in order to know him.
Once done, logout from your personal account and connect with the "test user" account in https://facebook.com
Go to your app and click the facebook login with the scope "instagram_basic".
With the access_token that you get you are able to ask Graph API about the user's instagram business account.
Et voilĂ .
PS: You will not be able to use the Open Graph API tool from your test user. My advice is to test your app from Incognito mode so it will not interpose with your personal account.
UPDATE
Currently, access the instagram data from this way is disabled but this is the right way to access the data.
FB error message says:
(#200) Access to this data is temporarily disabled for non-active apps or apps that have not recently accessed this data due to changes we are making to the Facebook Platform. https://developers.facebook.com/status/issues/205942813488872/
You can get full functionality of Graph API if you login with the developer account, use that to create a video screencast of app functionality and submit
You will have to create a test application out of your real application, these applications are in sand box mode by default (developer mode) https://developers.facebook.com/docs/apps/test-apps/ You will be able to access any fb permission / feature with it, and develop a product with it. Once you are ready to review, in your submission of your real application link your test app in the process
I am working on a slack bot that at some point needs to have access to a public playlist on Spotify, but no private info and it doesn't need to modify the playlist. The app has no web component so can't use user authentication. I can get access tokens using the client_credentials grant-type, since the playlist is eligible to public without logging in. However I get the 'This request requires user authentication' error. I have access to the userID and playlistID. I already read
1. https://developer.spotify.com/web-api/authorization-guide/
2. https://developer.spotify.com/web-api/get-playlists-tracks/
I was just wondering if anyone else had a similar problem / how they solved it.
Thanks
I'm using Passport and Facebook Strategy for authentication. It works fine from within my website. Clicking the login button makes a get request to auth/facebook/ and I succesfully log in the user.
I have the same url in the app details:
However the App Center Visit Website button adds this to the query:
{ fb_source: 'appcenter',
fb_appcenter: '1',
code:xxxxx...., // this is what i want
}
And upon clicking i get this error:
"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"
What i don't get is that this works AT THE SAME time on my website. How do I handle this extra parameters and log in the user upon clicking on the visit website button?
I also posted another question. I've been dealing with this for a while now and can't get my head around it...
note:
As far as I know, it is required for app approval that the Visit Button authenticates the user upon clicking and doesn't prompt them with another login message.