Let’s say you want to put a feed of Instagram posts on the site. Let’s take an example of getting an instagram access token for your application.

Step 1

Go to Facebook developers tools and create a new application

Step 2

Enter the created application and go to Settings - Basic. Scroll down and add a platform (site). Then save the settings.

Step 3

Products – Instagram Basic Display. Create a new app

Step 4

Set the redirect uri and other links

Step 5

Add a tester. This must be the Instagram account for which you receive the key.

Step 6

Go to profile settings in Instagram and accept the invitation.

Step 7

Using Instagram App Id and Redirect URI, follow the link:


https://api.instagram.com/oauth/authorize?client_id=INSTAGRAM-APP-ID&redirect_uri=REDIRECT-URI&scope=user_profile,user_media&response_type=code&state=1

and confirm the authorization

Step 8

Save the code from the address you were redirected to:

https://helpforsite.com/oauth/?code=AQCigVXLoUCP2dkdpctca2x-xGEnkyXPecWbLTS_tQ5E1ehrsjBZydqyRn6unhIMzkBRye466PaCF0tUXcrhmXDLYFfh7IvDy1GZGmjEMDTSTByLw6_qyIZjeT_7xaY_JF3BcxmR6zxMb4_CZANmP5jNfPibH1Xu2rJpDPG29-IeaY0wwuUTVNu884V0rc0ymX2Lc0VsKbK1BQtozFYwrs0lCWcyqf_JTacGxr_ddm1dsQ&state=1#_

Step 9

Now you have to make a POST request to https://api.instagram.com/oauth/access_token to obtain a short-term access token. This is what it looks like when you use curl in a console:

curl -d "client_id=INSTAGRAM-APP-ID&redirect_uri=REDIRECT-URI&grant_type=authorization_code&client_secret=INSTAGRAM-APP-SECRET&code=CODE " https://api.instagram.com/oauth/access_token

In return you get json containing access_token

Step 10

Follow the link using the access_token:

https://graph.instagram.com/access_token?client_secret=INSTARGAM-APP-SECRET&grant_type=ig_exchange_token&access_token=ACCESS-TOKEN

In return, you get json with a long-term key for 60 days.

Step 11

To update the long-term access key, use the link:

https://graph.instagram.com/refresh_access_token?grant_type=ig_refresh_token&access_token=LONG-LIVED-ACCESS-TOKEN

The update should be done while the key is still active.