CouchDB Authorization on a Per-Database Basis - security
I'm working on an application supported by CouchDB. Essentially, I want to create a database for each individual user of my app. To accomplish this, the admin user will create the database, but going forward, the user will need to access their database (using HTTP Auth over SSL). I've been having a hell of a time figuring this out.
The best resource I have found is in the CouchDB wiki, at this link:
http://wiki.apache.org/couchdb/Security_Features_Overview#Authorization
It suggests that you can set per-database authorization by creating a document called "_security" to which you add a hash of admins and readers. When I attempt to create that document, the message I get back is "Bad special document member: _security".
$ curl -X GET http://localhost:5984
{"couchdb":"Welcome","version":"1.0.1"}
Any help would be appreciated!
Cheers,
Aaron.
There should be no problem with that aproach.
Let's say you have a database "test", and have an admin account already:
curl -X PUT http://localhost:5984/test -u "admin:123"
Now you can create a _security document for it:
curl -X PUT http://localhost:5984/test/_security -u "admin:123" -d '{"admins":{"names":[], "roles":[]}, "readers":{"names":["joe"],"roles":[]}}'
Them only the user "joe" will be able to read the database. To create the user you must have already the sha1 hashed password:
curl -X POST http://localhost:5984/_users -d '{"_id":"org.couchdb.user:joe","type":"user","name":"joe","roles":[],"password_sha":"c348c1794df04a0473a11234389e74a236833822", "salt":"1"}' -H "Content-Type: application/json"
This user have the password "123" hashed using sha1 with salt "1" (sha1("123"+"1")), so he can read the database:
curl -X GET http://localhost:5984/test -u "joe:123"
He can read any document now on that database, and no other user (but him and admin) can.
UPDATED: Writer security
The above method issues the reader problem, but the reader permission here actually mean "read/write common docs", so it allows to write docs except for design-docs. The "admin"s in the _security doc are allowed to write do design-docs in this database.
The other approach, as taken from your own answer, is the "validate_doc_update", you can have a validate_doc_update as follow in a file:
function(new_doc, old_doc, userCtx) {
if(!userCtx || userCtx.name != "joe") {
throw({forbidden: "Bad user"});
}
}
And push it into a couchdb design:
curl -X PUT http://localhost:5984/test/_design/security -d "{ \"validate_doc_update\": \"function(new_doc,doc,userCtx) { if(userCtx || userCtx.name != 'joe') {throw({forbidden: 'Bad user'})}}\"}" --user 'admin:123'
Them "joe" can write to the database using Basic Authentication:
curl -X PUT http://localhost:5984/test/foobar -d '{"foo":"bar"}' -u 'joe:123'
As you also addressed you can use the _session api to get a cookie for authentication:
curl http://localhost:5984/_session -v -X POST -d 'name=joe&password=123' -H "Content-Type: application/x-www-form-urlencodeddata"
This will return a header like:
Set-Cookie: AuthSession=am9lOjRDRDE1NzQ1Oj_xIexerFtLI6EWrBN8IWYWoDRz; Version=1; Path=/; HttpOnly
So you can include the cookie "AuthSession=am9lOjRDRDE1NzQ1Oj_xIexerFtLI6EWrBN8IWYWoDRz" in your next requests and they will be authenticated.
I've been doing more research and testing, and I want to summarize where I've gotten to, and what still isn't working for me.
First off, apologies for those who read this question: I was looking for ways to set permissions for people to write, not read, the database. It turns out be be a big difference: the techniques for creating a "reader" are entirely different from creating a "writer" (that term actually doesn't exist, though I wonder why).
In brief: you have to add a user to the _users database, which is a list of the users that have access to any database in your CouchDB instance. I was able to do that by issuing a command similar to:
curl -X PUT http://admin:password#localhost:5984/_users/org.couchdb.user:username -d '{"type":"user", "hashed_password":"2bf184a2d152aad139dc4facd7710ee848c2af27", "name":"username", "roles":[]}'
Note you need to apparently namespace the user name with the "org.couchdb.user" prefix. I used a Ruby hashing method to get the hashed_password value:
require 'digest/sha1'
pass_hash = Digest::SHA1.hexdigest(password)
This gets an apparently valid user into the database. The next step is to assign that user as a "writer" (ha, there it is again!) for the new database that I created. So I might do something like:
curl -X PUT http://admin:password#localhost:5984/newdatabase
and then
curl -X PUT http://admin:password#localhost:5984/newdatabase/_design/security -d #security.json
That .json file contains a Javascript function for the "validate_doc_update" key, and that function looks like this:
function(new_doc, old_doc, userCtx) {
if(userCtx.name != username) {
throw({forbidden: "Please log in first."});
}
}
It's roundabout, but it makes sense. However, I now am running into a problem: apparently the userCtx variable doesn't get populated until the user is authenticated. This article suggests that all you have to do is pass the credentials through an HTTP request to a special _session database, like so:
curl -X POST http://username:password#localhost:5984/_session
I can do that for my admin user, and the userCtx var will be populated. But for my newly-created user, it fails:
$ curl http://org.couchdb.user:username:password#localhost:5984/_session
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","oauth","default"]}}
Note the userCtx hash is null. I wonder if that namespace thing is causing the problem? It's got a freakin' colon in it, so maybe there's some confusion about the password? I've tried making it without the namespace, and it doesn't work at all; at least here my request appears to be hitting the database and getting a response.
I'm stuck at this point. If anyone can check my assumptions and progress thus far, I hope we can all figure out how to make this work.
Thanks!
Aaron.
You may want to check out Matt Woodward's - The Definitive Guide to CouchDB Authentication and Security http://blog.mattwoodward.com/2012/03/definitive-guide-to-couchdb.html
Related
creating new user in couchdb 3 without admin password
I just downloaded and installed CouchDB v3. On first start, it prompted me to set an admin password which I did. For the web app that I'm building, I want to use the CouchDB user authentication feature, so I created a new _users database using the Fauxton UI. After creating the _users database I made a call to the REST API to insert a new user (this is the example code taken from the documentation): $ curl -X PUT http://localhost:5984/_users/org.couchdb.user:jan \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{"name": "jan", "password": "apple", "roles": [], "type": "user"}' Instead of the expected response {"ok":true,"id":"org.couchdb.user:jan","rev":..."} I'm getting {"error":"unauthorized","reason":"You are not authorized to access this db."} When adding the admin credentials to the API call, it works as expected: $ curl -X PUT http://admin:____#localhost:5984/_users/org.couchdb.user:jan \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{"name": "jan", "password": "apple", "roles": [], "type": "user"}' {"ok":true,"id":"org.couchdb.user:jan","rev":"..."} My question: Are there any settings or permissions I can set to make the request work without having to add the admin credentials? (AFAIK this worked fine in v2.x)
You are missing the fun of the good old Admin Party, which for many years was the default setting for CouchDB, meaning it was installed with zero security as everyone was effectively an admin. From The Road to CouchDB 3.0: Security[1] One of the aspects of getting started easily was a 1.x-era choice to make it easy to use CouchDB: the Admin Party. Admin Party means that, by default, any request made against CouchDB was done in the context of an admin user, i.e. you were allowed to do anything. 3.0 changed all of that by shutting down the Admin Party - what a bunch of buzz kills! I suspect there are more sophisticated solutions, but for those that want to party on[2] quickly, minor changes to etc/local.ini and any permissions on _users will satisfy. The key is the configuration property require_valid_user[3]. In etc/local.ini, modify the chttpd and couch_httpd_auth sections [chttpd] require_valid_user = false [couch_httpd_auth] require_valid_user = false That's all that is needed unless there are members and/or roles defined for the _users database. If there are, they must be deleted (easily with Fauxton). After cleaning up members/roles and altering the etc/local.ini restart CouchDB and you should be able to create users without a problem. Party on! 👍 Just be sure to consider the ramifications of such changes. Disclaimer - I don't recommend running CouchDB in any security context resembling Admin Party! 1 The Road to CouchDB 3.0: Security 2 Party On 3 require_valid_user
User signup feathers-authentication with passport-facebook-token
I am trying to allow users to sign up for my service via "login with facebook". I have already done arrow 1-2. I need to do arrows 3-6. I have made a minimal Feathersjs example at https://github.com/morenoh149/feathers-chat-facebook-signup-api I seem to be having trouble getting feathers-authentication and passport-facebook-token to generate the User object and sign them up. I've reviewed passport-facebook-token carefully. This answer explains that in the callback to passport-facebook-token you should create the User object. How do I do this with feathers-authentication? When I provide the token in the body curl localhost:3030/authentication \ --data-binary '{\ "strategy": "facebook-token", \ "access_token": "<phone token>" \ }' I get {"name":"NotAuthenticated", "message":"You should provide access_token","code":401, "className":"not-authenticated", "data":{"message":"You should provide access_token"} when I pass the token as a header curl localhost:3030/authentication \ -X POST \ -H "Authorization: Bearer <access token>" I get error {"name":"GeneralError", "message":"Cannot read property 'toLowerCase' of undefined", "code":500,"className":"general-error","data":{},"errors":{}}
So I downloaded and ran the repo, I used VSCode to run the app and set break points. I created a breakpoint in the before create hooks on users. The issue here is that the gravatar hook is expected the email to be context.data but it is in fact embedded within the facebook response. You will need to look at extracting the email from that data so that you can create a gravatar or just remove the gravatar hook altogether.
API call IBM Watson Natural Language Understanding-xq - Python or Postman
I'm struggling to connect to the IBM Watson API for Natural Language Understanding. I've added it to the Resource list in my IAM account. I've got to the page with an example POST request to connect to the API, and I can't seem to authenticate. I've blanked out the API key from this request but in the pages the key is supplied so I'm struggling to see why it's not working curl -X POST -u "#######" \ -H "Content-Type: application/json" \ -d '{ "text": "I still have a dream. It is a dream deeply rooted in the American dream. I have a dream that one day this nation will rise up and live out the true meaning of its creed: \"We hold these truths to be self-evident, that all men are created equal.\"", "features": { "sentiment": {}, "keywords": {} }}' \ "https://gateway-lon.watsonplatform.net/natural-language- understanding/api/v1/analyze?version=2018-03-19" I've tried pasting this into Postman but I just get a 401 Unauthorized response, which makes me think it's something in the account pages of the IAM, but they've chnage the interface and not update the documentation, and I'm going round in circles because the instructions don't match the menus. Any pointers would be appreciated. I intend to query through Python, so I'm hoping once I can get past the authentication issue it's as simple as copying the Python code out of Postman
Your -u credentials should be: -u "apikey:#######" As per the API documentation - https://cloud.ibm.com/apidocs/natural-language-understanding#authentication
Somehow the API credentials were not being recognised. I must have done something wrong in the initial IAM setup, which meant that when I deleted the credentials, re-created them and then copied the new key ... everything immediately started working. Complete mystery as to why but hopefully this helps someone. Here are the instructions I followed https://console.bluemix.net/docs/services/natural-language-understanding/getting-started.html#getting-started-tutorial I used the SDK as suggested by Simon O'Doherty It might also be related to me having gone into the "Manage" >> "Account" and deleted any Access Groups and Service IDs I'd attempted to create by following the "Getting Started with IAM" instructions from here, which I suspect might have been what confused me IAM getting started (not required)
Does DocuSign Connect work with basic HTTP auth details?
I am using DocuSign connect to update the state of my app after an event happens on a document. I have set up my account like so: At the moment my "URL to Publish" looks something similar to https://key:secret#example.herokuapp.com. However when I look in the logs I always seem to receive something similar to: error: Exception in EnvelopeIntegration.RunIntegration: key :: https://key:secret#example.herokuapp.com/webhook :: Error - The remote server returned an error: (401) Unauthorized When I copy the Envelope Data into a file locally (complete-webhook.xml) and I run the following command through the command line it seems to run successfully: curl -i -X POST -d #complete-webhook.xml https://key:secret#example.herokuapp.com/webhook Has anybody got any ideas as to the reason why this could be happening?
When you use a url such as https://username:password#example.com/, your client takes the username:password part of the url and uses it to create an Authorization: Basic header. You can try it yourself, create a requestb.in and then use the curl command curl -X POST -d "fizz=buzz" http://username:password#requestb.in/12345 # where 12345 is your requestb.in address The result on requestb.in: A request to just /12345 (the incoming url does not include the username or password) The request includes the header Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= If you put dXNlcm5hbWU6cGFzc3dvcmQ= through a base64 decoder, you get username:password Answer, at this point, the Connect system does not support sending basic authentication information when it calls listeners. I have filed an internal feature request. Work-around Your listener url can include a query parameter that serves as a password. eg. `example.com/webhook/?pw=9e47a953-c105-44c5-ba5c-4bb77d63694d Then, in your listener, simply reject any request that does not include the pw query parameter and the value that you chose. In its requests to your listener, the Connect system will use any query parameters that you originally set when you added the Connect subscription.
Instagram how to get my user id from username?
I'm in the process of embedding my image feed in my website using JSON, the URL needs my user id so I can retrieve this feed. So, where can I find/get my user id?
Update in Jun-5-2022, Instagram API no longer use Bearer Token for authentication. But I find another useful API. All you need is added extra header X-IG-App-ID with "magic value". https://i.instagram.com/api/v1/users/web_profile_info/?username=therock Use can use my docker container Insta-Proxy-Server to bypass the authentication. https://hub.docker.com/repository/docker/dockerer123456/insta-proxy-server Demo video (I just run directly from source code): https://www.youtube.com/watch?v=frHC1jOfK1k Update in Mar-19-2022, the API is require login now. Sorry for the bad news. But we can solve this problem in two ways. Using my C# lib, login using your account (without any Instagram app token stuff and graph api.) In case the lib failed (I'm no longer maintain it long time ago), create a proxy server with logged in instagram account. [Your app] --> [Proxy server] --> [Instagram] --> [Proxy server] -(forward)-> [Your app] For Proxy server, you can use Nodejs app which install Chromium headless module (Puppeteer for example), logged in with an instagram account. Proof of concept: https://www.youtube.com/watch?v=ZlnNBpCXQM8 https://www.youtube.com/watch?v=eMb9us2hH3w Update in June-20-2019, the API is public now. No authentication required. Update in December-11-2018, I needed to confirm that this endpoint still work. You need to login before sending request to this site because it's not public endpoint anymore. Update in Apr-17-2018, it's look like this endpoint still working (but its not public endpoint anymore), you must send a request with extra information to that endpoint. (Press F12 to open developer toolbar, then click to Network Tab and trace the request.) Update in Apr-12-2018, cameronjonesweb said that this endpoint doesn't work anymore. When he/she trying to access this endpoint, 403 status code return. You can get user info when a request is made with the url below: https://www.instagram.com/{username}/?__a=1 E.g: This url will get all information about a user whose username is therock https://www.instagram.com/therock/?__a=1
Enter this url in your browser with the users name you want to find and your access token https://api.instagram.com/v1/users/search?q=[USERNAME]&access_token=[ACCESS TOKEN]
Working solution without access token as of October-14-2018: Search for the username: https://www.instagram.com/web/search/topsearch/?query=<username> Example: https://www.instagram.com/web/search/topsearch/?query=therock This is a search query. Find the exact matched entry in the reply and get user ID from the entry.
Easily Get USER ID and User Details https://api.instagram.com/v1/users/search?q=[ USER NAME ]&client_id=[ YOU APP Client ID ] For Example: https://api.instagram.com/v1/users/search?q=zeeshanakhter2009&client_id=enter_your_id Result: {"meta":{"code":200},"data":[{"username":"zeeshanakhter2009","bio":"http://about.me/zeeshanakhter","website":"http://zeeshanakhter.com","profile_picture":"http://images.ak.instagram.com/profiles/profile_202090411_75sq_1377878261.jpg","full_name":"Zeeshan Akhter","id":"202090411"}]}
Most of the methods are obsolete since June, 1/2016 api changes Below worked for me, access instagram on your browser say chrome, safari or firefox. Launch developer tools, go to console option. on command prompt enter below command and hit enter: window._sharedData.entry_data.ProfilePage[0].user.id If you are lucky, you will get at first attempt, if not, be patient, refresh the page and try again. keep doing until you see user-id. Good luck!!
Instead of using the API, one can examine the Instagram userpage to get the id. Example code in PHP: $html = file_get_contents("http://instagram.com/<username>"); $doc = new DOMDocument(); $doc->loadHTML($html); $xpath = new DOMXPath($doc); $js = $xpath->query('//body/script[#type="text/javascript"]')->item(1)->nodeValue; $start = strpos($js, '{'); $end = strrpos($js, ';'); $json = substr($js, $start, $end - $start); $data = json_decode($json, true); $data = $data["entry_data"]["UserProfile"][0]; # The "userMedia" entry of $data now has the same structure as the "data" field # in Instagram API responses to user endpoints queries echo $data["user"]["id"]; Of course, this code has to be adapted if Instagram changes its page format.
Currently there is no direct Instagram API to get user id from user name. You need to call the GET /users/search API and then iterate the results and check if the username field value is equal to your username or not, then you grab the id.
I wrote this tool for retrieving Instagram IDs by username: Instagram User ID Lookup. It utilizes the python-instagram library to access the API and includes a link to the source code (written on Django), which illustrates various implementations of the Instagram API. Update: Added source code for port to Ruby on Rails.
I tried all the aforementioned solutions and none works. I guess Instagram has accelerated their changes. I tried, however, the browser console method and played around a bit and found this command that gave me the user ID. window._sharedData.entry_data.ProfilePage[0].graphql.user.id You just visit a profile's page and enter this command in the console. You might need to refresh the page for this to work though. (I had to post this as an answer, because of my low reputation)
You need to use Instagrams API to convert your username to id. If I remember correctly you use users/search to find the username and get the id from there
Most of these answers are invalid after the 6/1/2016 Instagram API changes. The best solution now is here. Go to your feed on instagram.com, copy the link address for any of your pictures, and paste it into the textbox on that page. Worked like a charm.
to get your id, make an authenticated request to the Instagram API users/self/feed endpoint. the response will contain, among other data, the username as well as the id of the user.
Go to the api console & copy link https://api.instagram.com/v1/users/self in text field and authenticate using your instagram id & password, you will get your id in response
This can be done through apigee.com Instagram API access here on Instagram's developer site. After loging in, click on the "/users/search" API call. From there you can search any username and retrieve its id. { "data": [{ "username": "jack", "first_name": "Jack", "profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_66_75sq.jpg", "id": "66", "last_name": "Dorsey" }, { "username": "sammyjack", "first_name": "Sammy", "profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_29648_75sq_1294520029.jpg", "id": "29648", "last_name": "Jack" }, { "username": "jacktiddy", "first_name": "Jack", "profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_13096_75sq_1286441317.jpg", "id": "13096", "last_name": "Tiddy" }]} If you already have an access code, it can also be done like this: https://api.instagram.com/v1/users/search?q=USERNAME&access_token=ACCESS_TOKEN
Well you can just call this link http://jelled.com/ajax/instagram?do=username&username=[USER_NAME_GOES_HERE]&format=json
Although it's not listed on the API doc page anymore, I found a thread that mentions that you can use self in place of user-id for the users/{user-id} endpoint and it'll return the currently authenticated user's info. So, users/self is the same as an explicit call to users/{some-user-id} and contains the user's id as part of the payload. Once you're authenticated, just make a call to users/self and the result will include the currently authenticated user's id, like so: { "data": { "id": "1574083", "username": "snoopdogg", "full_name": "Snoop Dogg", "profile_picture": "http://distillery.s3.amazonaws.com/profiles/profile_1574083_75sq_1295469061.jpg", "bio": "This is my bio", "website": "http://snoopdogg.com", "counts": { "media": 1320, "follows": 420, "followed_by": 3410 } }
If you are using implicit Authentication must have the problem of not being able to find the user_id I found a way for example: Access Token = 1506417331.18b98f6.8a00c0d293624ded801d5c723a25d3ec the User id is 1506417331 would you do a split single seperated by . obtenies to acces token and the first element
I think the best, simplest and securest method is to open your instagram profile in a browser, view source code and look for user variable (ctrl+f "user":{") inside main javascript code. The id number inside user variable should be your id. This is the code how it looked in the moment of writing this answer (it can, and probably will be changed in future): "user":{"username":"...","profile_picture":"...","id":"..........","full_name":"..."}},
Here is how you can retrieve your user id from a username: $url = "https://api.instagram.com/v1/users/search?q=[username]&access_token=[your_token]"; $obj = json_decode(#file_get_contents($url)); echo $obj->data[0]->id;
You can do this by using Instagram API ( User Endpoints: /users/search ) how-to in php : function Request($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, 0); $result = curl_exec($ch); curl_close($ch); return $result; } function GetUserID($username, $access_token) { $url = "https://api.instagram.com/v1/users/search?q=" . $username . "&access_token=" . $access_token; if($result = json_decode(Request($url), true)) { return $result['data'][0]['id']; } } // example: echo GetUserID('rathienth', $access_token);
Here is a really easy website that works well for me: http://www.instaid.co.uk/ Or you can do the following replacing 'username' with your Instagram username https://www.instagram.com/username/?__a=1 Or you can login to your Instagram account and use google dev tools and look at the cookies that have been stored. 'ds_user_id' is your user ID
Working Solution December 14, 2020 For simple usage like 3rd party tools that require an Instagram user ID (like embedding an image feed) I tend to use: https://www.thekeygram.com/find-instagram-user-id/ because it makes it really easy to copy and paste the Instagram user ID that I am looking for. Unlike most tools I get the results fast, it's free and there are no ads. I recommend you watch the youtube video before using it so you can see how simple it is and get an idea of how it's used: https://www.youtube.com/watch?v=9HvOroY-YBw For more advanced usage I recommend: https://www.instagram.com/{username}/?__a=1 (replace username with the requested username) For example to find the user ID of the username "instagram" you would use: https://www.instagram.com/instagram/?__a=1 This is the most advanced way which returns a JSON response and it's great if you are building an app that requires the raw data. You can save it in a database or build some type of front end UI to display it. Example: for a dashboard or on a website. Also, using the url is great because you can get additional attributes about users such as their total follower count and profile bio.
Since adding ?__a=1 to a profile URL is not working anymore to get a user ID from a username, we can do it with cURL and jq (the new API endpoint can be found in the network requests of Instagram web version, for example with Firefox Developer Tools): curl -s 'https://i.instagram.com/api/v1/users/web_profile_info/?username=alanarblanchard' -H 'X-IG-App-ID: 936619743392459' | jq -r .data.user.id If you are using Instagram in a web browser, you don't need to use the command above and can check the response of the HTTP request directly. You may also be interested in finding the username from a user ID, in case someone changes frequently the username. I added an answer here: Instagram get username from userId
https://api.instagram.com/v1/users/search?q="[USERNAME]"&access_token=[ACCESS TOKEN] Please notice the quotation marks. This does not always return a valid result but more often than non-quoted one: https://api.instagram.com/v1/users/search?q="self"&count=1&access_token=[ACCESS TOKEN] returns user "self" (id: 311176867) https://api.instagram.com/v1/users/search?q=self&count=1&access_token=[ACCESS TOKEN] returns user "super_selfie" (id: 1422944651)
Working solution ~2018 I've found that, providing you have an access token, you can perform the following request in your browser: https://api.instagram.com/v1/users/self?access_token=[VALUE] In fact, access token contain the User ID (the first segment of the token): <user-id>.1677aaa.aaa042540a2345d29d11110545e2499 You can get an access token by using this tool provided by Pixel Union.
Python solution with Instaloader external library (install it first with pip) import instaloader YOUR_USERNAME = "Your username here" USERNAME_OF_INTEREST = "Username of interest here" L = instaloader.Instaloader() L.interactive_login(YOUR_USERNAME) profile = instaloader.Profile.from_username(L.context, USERNAME_OF_INTEREST) print(profile.userid) With this kind of questions about constantly changing private APIs, I recommend to rely on actively developing libraries, not on the services or answers.
First Create an Application on Instagram and get Client Id for your application http://instagram.com/developer/ Now just copy paste following Url into browser window by replacing your Username and your Client Id https://api.instagram.com/v1/users/search?q=[Your-username]&client_id=[Your-Client-Id] you will get a Json Result containing General Information about your account along with your Numeric user Id
UPDATED 2021 Just go to Facebook Apps choose your app connected with Instagram and you will see your Instagram ID: ******** Note https://www.instagram.com/{username}/?__a=1 was NOT working for me, so this is not a solution in 2021 if you want to use the Instagram Graph API
As of june 2022, you can to run or intercept a special HTTP request in order to successfully get the user data (and user ID). If you use Puppeteer, you can intercept the request that Instagram makes in the browser, and read its response. Example code: const username = 'user.account'; const page = await browser.newPage(); const [foundResponse] = await Promise.all([ page.waitForResponse((response) => { const request = response.request(); return request.method() === 'GET' && new RegExp(`https:\\/\\/i\\.instagram\\.com\\/api\\/v1\\/users\\/web_profile_info\\/\\?username=${encodeURIComponent(username.toLowerCase())}`).test(request.url()); }), page.goto(`https://instagram.com/${encodeURIComponent(username)}`), ]); const json = JSON.parse(await foundResponse.text()); console.log(json.data.user); See discussion here: https://github.com/mifi/SimpleInstaBot/issues/125#issuecomment-1145354294 See also working code here: https://github.com/mifi/instauto/blob/2de64d9a30dad16c89a8c45f792e10f137a8e6cb/src/index.js#L250