After March 30th, 2020, access to the original Instagram API (what developers use to display your Instagram feed) will close. Any RapidWeaver project using the Instagram Connect stack will no longer display Instagram feeds. You will need to download the stack's replacement IG Connect. This stack is free for anyone who owns Instagram Connect (use the purchase order lookup form and select Instagram Connect from your order history to download the new stack).
The new Instagram API includes more restrictions. This is mostly due to Instagram’s parent company Facebook. They have encountered multiple security problems over the past few years and are now tightening up access to its products to better secure private data.
Just like before, access tokens must be generated to display content from an Instagram account and only public Instagram accounts can generate access tokens. However, you must now be invited to use the token generator and cannot generate an access token until you accept the invite request. The token generator is included with the IG Connect stack and is visible in RapidWeaver preview mode after you have added it to a Stacks page. You will be able to request an invite to use the token generator directly through the token generator itself.
Please note a few important API changes and restrictions:
- Tokens expire after 60 days but can be refreshed for another 60 days at any point. IG Connect will still display the Instagram feed if the token expires but it will no longer update with new posts. Refreshing a token is as simple as clicking a button / visiting a link.
- Comments are no longer supported. IG Connect allows you to link posts directly to the Instagram website which support likes, comments, and follows.
- Promoted posts containing Instagram media are not supported.
- Instagram Stories are not supported.
- Like counts are not supported (Instagram no longer shows like counts publicly).
What is the Instagram API?
The full name is the Instagram Basic Display Application Program Interface. Application Program Interface is shortened to "API". This API allows users of an app (or stack in this case) to get basic profile information, photos, and videos from their Instagram accounts. The Instagram Basic Display API only provides read-access to that data, which means no changes can be made to an account through this API.
What is an access token?
The Instagram API requires authentication to display images and videos from a feed - specifically requests made on behalf of a user. Authenticated requests are made with the use of an access token. The tokens are unique to each Instagram account and must be added to the IG Connect stack settings menu.
What is the Token Generator?
From the Instagram API:
"The Instagram User Token Generator is a tool you can use to quickly generate long-lived Instagram User Access Tokens for any of your public Instagram accounts. This is useful if you’re testing your app and don’t want to bother with implementing the Authorization Window, or if you’re using copy and paste-able code supplied by a third-party service (for example, to display your own Instagram data on your own website).
The tool works by triggering the Authorization Window, which you can sign into with a public Instagram account that you have designated as a tester account. After signing in, the tool will generate a long-lived access token that you can copy and paste. Note that tokens can only be generated for public Instagram accounts."
Why do we need an invite to use the token generator?
Apps like IG Connect are considered third-party services that help you display your own Instagram data on your own website. The new API focuses on online apps with in-depth integration. Stand alone websites cannot get approval and only apps with multiple-users and an online log-in system are usually approved. While IG Connect has multiple users it does not need an online log in system. RapidWeaver is also considered an "offline" program with no online log-in system. It's hard for IG Connect to get approval to skip the invite process because the app reviewers are unwilling to download RapidWeaver and Stacks in order to test it.
The invite will allow you to use our developer account to generate a token. Without the invite, you would need to create your own developer account, create a new app, and write server hosted code to communicate with the Instagram API. The IG Connect stack will still work with tokens generated by your own Instagram developer account. However, the instagram API requires that you have a solid grasp of web development concepts and languages. It is a very involved multi-step process but if your feeling adventurous, you can read about how to do it here.
Note: Even with approval, no additional features would be granted to IG Connect other than the generator no longer requiring an invite. Tokens would still expire after 60 days and the same data would be accessed from the Instagram account.
From the Instagram API:
"If you are creating an app solely for the purpose of generating access tokens with the User Token Generator, you do not need to submit your app for App Review. The User Token Generator does not require any permissions and can be used while your app is in Development Mode."
What happens if my token expires?
The Instagram feed set up through the IG Connect stack will still display but no new posts will be added after the date of expiration. At that point you can simply generate a new token through the generator.
Does 1LD store the generated tokens?
No, 1LD does not store or read the generated tokens, nor do we have access to your Instagram Accounts. Once you generate the token, only you have access to it and it’s up to you who you share it with. The token generator exists so that you do not need to provide your sensitive account data to us.
What happens if someone else uses my access token?
The access token only grants read-access to your Instagram account basic profile information, photos, and videos. If someone where to get ahold of the token they would only be able to see the same things that they can see by visiting your Instagram page.
- A person with your access token cannot login to your Instagram account.
- A person with your access token cannot post or make changes to your Instagram account.
- A person with your access token cannot retrieve your password or see any non-public information.
How do I disable a token or remove read access to my Instagram account?
You can at any time remove access to the token generator and therefore disable any tokens that have been generated through it. To find the remove setting in your Instagram app, choose the option “Settings” and then select “Apps and Websites.” If you wish to use the Token Generator after that point you will need a new invite.