The Instagram API with Instagram Login is a collection of endpoints that allow your app to access data for Instagram professional accounts (both Business and Creator accounts), send and receive messages from followers or people interested in the Instagram professional account, manage comments on media posts, reels, and stories, and publish content on the Instagram professional account. Unlike the Instagram API with Facebook Login, this API doesn't require a Facebook Page linked to the Instagram professional account.
You can build an app that only serves your Instagram professional account or you can build an app that servers other Instagram professional accounts that you don't own or manage.
Messaging
An Instagram user sends a message to the Instagram professional account while logged in to Instagram. Your app can use the API to handle the person's message, either sending an automatic reply, having a live agent respond, or a combination of automation and live agent.
Moderating comments
An Instagram user comments on the Instagram professional account's media. Your app can use the API to get comments, reply to comments, delete comments, hide/unhide comments, and disable/enable comments on Instagram media owned by the Instagram professional account. The API can also identify media where the Instagram professional account has been @mentioned by other Instagram users.
Publishing content
Your app can use the API to publish single images, videos, reels (single media posts), or posts containing multiple images and videos (carousel posts) on Instagram professional accounts.
Limitations
There are two permission access levels your app can request from users, Standard Access and Advanced Access.
Standard Access
Standard Access is the default access level for all apps and limits the data your app can get. Standard Access is intended for apps that will only be used by people who have roles on them, during app development, or for testing your app.
If your app only serves your Instagram professional account or an account you manage, Standard Access is all the your app needs.
Advanced Access
Advanced Access requires App Review and Business Verification. Your app can get data for:
NOTE: If your app serves Instagram professional accounts that you don't own or manage, your app will need Advanced Access.
Learn more about Advanced and Standard Access .
Your app must complete App Review to be granted Advanced Access.
App user authentication is handled through access tokens. All API requests must include your app user's Instagram User access token. You can obtain tokens from the App Dashboard, for your own Instagram professional accounts and tester accounts, and from app users by implementing Business Login for Instagram.
If you are building your app to serve only your Instagram professional accounts or accounts you manage, you can get long-lived access tokens via the App Dashboard.
Authorization codes
Your app receives authorization codes as part of the business login flow. These codes can be exchanged for short-lived Instagram User Access Tokens. To get an authorization code, implement the Authorization Window into your app. After an app user authenticates their identity through the authorization window and grants your app any permissions it needs, we will redirect the user to your app and include an Authorization Code. You can then use the API to exchange the code for the app user's short-lived Instagram User Access Token. Authorization Codes are short-lived and are only valid for 1 hour.
Instagram User access tokens
API authentication is handled by Instagram User Access Tokens that conform to the OAuth 2.0 protocol. Access tokens are app-scoped (unique to the app and user pair) and can be short-lived or long-lived. API requests that query Instagram users or their media must include an Instagram User Access Token.
Short-lived access tokens are valid for 1 hour, but can be exchanged for long-lived tokens. To get a short-lived access token, implement the Authorization Window into your app. After the app user authenticates their identity through the authorization window, we will redirect the user back to your app and include an Authorization Code, which you can then exchange for a short-lived access token.
Short-lived tokens that have not expired can be exchanged for long-lived access tokens which are valid for 60 days. Long-lived tokens can be refreshed before they expire.
If you are building your app to serve only your Instagram professional accounts or accounts you manage, you can get long-lived access tokens via the App Dashboard.
Endpoint authorization is handled through permissions and features.
Before your app can access an app user's Instagram data through an endpoint, you must first request all necessary permissions from the app user. The app user must then grant those permissions to your app. Once granted, you can query the endpoints to access the user's data.
Note that a permission only allows access to data created by the user who granted the permission. There are a few endpoints that allow apps to access data not created by the app user, but the accessible data is limited and publicly available.
You can request permissions from app users by implementing Business Login for Instagram. App users who have a role on your app can grant any requested permissions. App users who do not have a role on your app can only grant permissions and features that have been approved through the App Review process.
The API uses the following permissions and features:
instagram_business_basic
instagram_business_content_publish
instagram_business_manage_comments
instagram_business_manage_messages
See our endpoint reference to determine which permission and features your app will need to request from app users.
All endpoints can be accessed via the graph.instagram.com
host.
When you create your Meta app and select the Instagram product with the **API setup with Instagram Login**, you will configure Business Login for Instagram. This allows your app users to login to your app and grant your app permissions to access their Instagram professional account data.
If you are building your app to serve only your Instagram professional accounts or accounts you manage, you might not want to implement this login flow. However, you will need to configure the business login settings in the App Dashboard to obtain an Instagram app ID and an Instagram app secret as well as obtain long-lived access tokens to use in your API calls.
You must complete Business Verification if your app requires Advanced Access.
Instagram Platform leverages Content Delivery Network (CDN) URLs which allow you to retrieve rich media content shared by Instagram users. The CDN URL is privacy-aware and will not return the media when the content has been deleted or has expired.
Before you can integrate a Meta Technologies API into your app, you must register as a Meta developer and then register your app.
Registration
You will need to register as a developer and register your app with Meta to make calls to the Meta social graph. Learn more.
App Type
Your app must be a Business type app.
App IDs
When creating an app in the App Dashboard, you will receive a Meta App ID. When you add the Instagram product to this app, you will receive an Instagram App ID that you will use in your API calls.
To create an app with the Instagram API with Instagram Login, you need an Instagram professional account.
Your app users, businesses and creators, will also need Instagram professional accounts.
The Instagram professional account ID included in your app's API calls represents the person who logged into your app and who owns or manages the Instagram professional account.
When an Instagram user comments on a post, reel, or story, or sends a message to one of your app user's Instagram professional accounts, an Instagram-scoped user ID is created that represents that user and is specific to the user and the Instagram professional account they are interacting with. This allows an Instagram professional account to map interactions for the same person across multiple apps, such as a customer service app and a shipping app.
/me
endpointThe /me
endpoint is a special endpoint that translates to the Instagram professional account ID of the person who logged into your app and whose access token is currently being used to make the API calls.
To gain and retain access to the Meta social graph you must adhere to the following:
Calls to the Instagram Platform endpoints, excluding messaging, are counted against the calling app's call count. An app's call count is unique for each app and app user pair, and is the number of calls the app has made in a rolling 24 hour window. It is calculated as follows:
Calls within 24 hours = 4800 * Number of Impressions
The Number of Impressions is the number of times any content from the app user's Instagram professional account has entered a person's screen within the last 24 hours.
Calls to the Instagram messaging endpoints are counted against the number of calls your app can make per Instagram professional account and the API used.
You can use Webhooks to have notifications sent to you whenever someone comments on your app users' media objects or when someone sends your app users a message. You can subscribe to the following events in the App Dashboard:
comments
live_comments
message
messaging_optins
messaging_postbacks
message_reactions
messaging_referral
messaging_seen
Now that you are familiar with the components of this API, set up your webhooks server and subscribe to events.