By default, Instagram User Access Tokens are short-lived and are valid for one hour. However, short-lived tokens can be exchanged for long-lived tokens.
Long-lived tokens are valid for 60 days and can be refreshed as long as they are at least 24 hours old but have not expired, and the app user has granted your app the instagram_graph_user_profile permission.
Refreshed tokens are valid for 60 days from the date at which they are refreshed. Tokens that have not been refreshed in 60 days will expire and can no longer be refreshed.
Long-lived access tokens for private Instagram accounts can now be refreshed. In addition, permissions granted to apps by app users with private accounts are now valid for 90 days.
Use the GET /access_token endpoint to exchange a short-lived Instagram User Access Token for a long-lived token. Once you have a long-lived token, you can use it in server-side requests or send it to the client for use there.
Your request must be made server-side and include:
Refer to the GET /access_token reference for additional information.
curl -i -X GET "https://graph.instagram.com/access_token?grant_type=ig_exchange_token&client_secret={instagram-app-secret}&access_token={short-lived-access-token}"
{
  "access_token": "{long-lived-user-access-token}",
  "token_type": "bearer",
  "expires_in": 5183944  // Number of seconds until token expires
}
Use the GET /refresh_access_token endpoint to refresh unexpired long-lived Instagram User Access Tokens. Refreshing a long-lived token makes it valid for 60 days again. Long-lived tokens that have not been refreshed in 60 days will expire.
Your request must include:
Refer to the GET /refresh_access_token reference for additional information.
curl -i -X GET "https://graph.instagram.com/refresh_access_token?grant_type=ig_refresh_token&access_token={long-lived-access-token}"
{
  "access_token": "{long-lived-user-access-token}",
  "token_type": "bearer",
  "expires_in": 5183944  // Number of seconds until token expires
}