Overview

The Instagram API with Instagram Login is a collection of endpoints that allow your app to access data for Instagram professional accounts (both Business and Creator accounts), send and receive messages from followers or people interested in the Instagram professional account, manage comments on media posts, reels, and stories, and publish content on the Instagram professional account. Unlike the Instagram API with Facebook Login, this API doesn't require a Facebook Page linked to the Instagram professional account.

You can build an app that only serves your Instagram professional account or you can build an app that servers other Instagram professional accounts that you don't own or manage.

How it works

Messaging

An Instagram user sends a message to the Instagram professional account while logged in to Instagram. Your app can use the API to handle the person's message, either sending an automatic reply, having a live agent respond, or a combination of automation and live agent.

Moderating comments

An Instagram user comments on the Instagram professional account's media. Your app can use the API to get comments, reply to comments, delete comments, hide/unhide comments, and disable/enable comments on Instagram media owned by the Instagram professional account. The API can also identify media where the Instagram professional account has been @mentioned by other Instagram users.

Publishing content

Your app can use the API to publish single images, videos, reels (single media posts), or posts containing multiple images and videos (carousel posts) on Instagram professional accounts.

Limitations

• This API is only available for Instagram professional accounts
• This API doesn't support ads, insights or tagging

Access levels

There are two permission access levels your app can request from users, Standard Access and Advanced Access.

Standard Access

Standard Access is the default access level for all apps and limits the data your app can get. Standard Access is intended for apps that will only be used by people who have roles on them, during app development, or for testing your app.

If your app only serves your Instagram professional account or an account you manage, Standard Access is all the your app needs.

Advanced Access

Advanced Access requires App Review and Business Verification. Your app can get data for:

• Instagram professional accounts added via Business Login for Instagram

NOTE: If your app serves Instagram professional accounts that you don't own or manage, your app will need Advanced Access.

Learn more about Advanced and Standard Access .

App Review

Your app must complete App Review to be granted Advanced Access.

Authentication

App user authentication is handled through access tokens. All API requests must include your app user's Instagram User access token. You can obtain tokens from the App Dashboard, for your own Instagram professional accounts and tester accounts, and from app users by implementing Business Login for Instagram.

If you are building your app to serve only your Instagram professional accounts or accounts you manage, you can get long-lived access tokens via the App Dashboard.

Authorization codes

Your app receives authorization codes as part of the business login flow. These codes can be exchanged for short-lived Instagram User Access Tokens. To get an authorization code, implement the Authorization Window into your app. After an app user authenticates their identity through the authorization window and grants your app any permissions it needs, we will redirect the user to your app and include an Authorization Code. You can then use the API to exchange the code for the app user's short-lived Instagram User Access Token. Authorization Codes are short-lived and are only valid for 1 hour.

Instagram User access tokens

API authentication is handled by Instagram User Access Tokens that conform to the OAuth 2.0 protocol. Access tokens are app-scoped (unique to the app and user pair) and can be short-lived or long-lived. API requests that query Instagram users or their media must include an Instagram User Access Token.

Short-lived access tokens

Short-lived access tokens are valid for 1 hour, but can be exchanged for long-lived tokens. To get a short-lived access token, implement the Authorization Window into your app. After the app user authenticates their identity through the authorization window, we will redirect the user back to your app and include an Authorization Code, which you can then exchange for a short-lived access token.

Long-lived access tokens

Short-lived tokens that have not expired can be exchanged for long-lived access tokens which are valid for 60 days. Long-lived tokens can be refreshed before they expire.

If you are building your app to serve only your Instagram professional accounts or accounts you manage, you can get long-lived access tokens via the App Dashboard.

Authorization

Endpoint authorization is handled through permissions and features.

Before your app can access an app user's Instagram data through an endpoint, you must first request all necessary permissions from the app user. The app user must then grant those permissions to your app. Once granted, you can query the endpoints to access the user's data.

Note that a permission only allows access to data created by the user who granted the permission. There are a few endpoints that allow apps to access data not created by the app user, but the accessible data is limited and publicly available.

You can request permissions from app users by implementing Business Login for Instagram. App users who have a role on your app can grant any requested permissions. App users who do not have a role on your app can only grant permissions and features that have been approved through the App Review process.

The API uses the following permissions and features:

• instagram_business_basic
• instagram_business_content_publish
• instagram_business_manage_comments
• instagram_business_manage_messages
• Human Agent

See our endpoint reference to determine which permission and features your app will need to request from app users.

Base URL

All endpoints can be accessed via the graph.instagram.com host.

Business Login for Instagram

When you create your Meta app and select the Instagram product with the **API setup with Instagram Login**, you will configure Business Login for Instagram. This allows your app users to login to your app and grant your app permissions to access their Instagram professional account data.

If you are building your app to serve only your Instagram professional accounts or accounts you manage, you might not want to implement this login flow. However, you will need to configure the business login settings in the App Dashboard to obtain an Instagram app ID and an Instagram app secret as well as obtain long-lived access tokens to use in your API calls.

Business Verification

You must complete Business Verification if your app requires Advanced Access.

Content Delivery Network URLs

Instagram Platform leverages Content Delivery Network (CDN) URLs which allow you to retrieve rich media content shared by Instagram users. The CDN URL is privacy-aware and will not return the media when the content has been deleted or has expired.

Develop with Meta

Before you can integrate a Meta Technologies API into your app, you must register as a Meta developer and then register your app.

Registration

You will need to register as a developer and register your app with Meta to make calls to the Meta social graph. Learn more.

App Type

Your app must be a Business type app.

App IDs

When creating an app in the App Dashboard, you will receive a Meta App ID. When you add the Instagram product to this app, you will receive an Instagram App ID that you will use in your API calls.

Human Agent feature

The Human Agent feature allows your app to have a human agent respond to user messages using the human_agent tag within 7 days of a user's message. The allowed usage for this feature is to provide human agent support in cases where a user’s issue cannot be resolved in the standard messaging window. Examples include when the business is closed for the weekend, or if the issue requires more than 24 hours to resolve.

Instagram professional accounts

To create an app with the Instagram API with Instagram Login, you need an Instagram professional account. Your app users will also need Instagram professional accounts. An Instagram professional account can be for a business or creator.

The Instagram account ID (IGID) included in API calls represents the person who logged into your app and who owns or manages the Instagram professional account. You can use the /me endpoint which represents the IGID endpoint.

Instagram-Scoped IDs

When a person comments on a post, reel, or story, or sends a message to an Instagram professional account, an Instagram-scoped ID (IGSID) is created that represents that person on that app. This ID is specific to the person and the Instagram account they are interacting with. This allows an Instagram professional account to map interactions for the same person across multiple apps.

/me endpoint

The /me endpoint is a special endpoint that translates to the Instagram professional account ID of the person who logged into your app and whose access token is currently being used to make the API calls.

Policies

To gain and retain access to the Meta social graph you must adhere to the following:

• Automated chats on Instagram
• Meta Platform Terms
• Developer Policies
• Community Standards
• Responsible Platform Initiatives

Rate limiting

All endpoints are subject to Instagram Business Use Case rate limiting.

Webhooks

You can use Webhooks to have notifications sent to you whenever someone comments on your app users' media objects or when someone sends you a message. You can subscribe to the following events in the App Dashboard:

• comments
• live_comments
• message
• messaging_optins
• messaging_postbacks
• message_reactions
• messaging_referral
• messaging_seen

Next steps

Now that you are familiar with the components of this API, set up your webhooks server to receive notifications for Instagram events.