Instagram access token to retrieve any user feed
The token is required so the API cannot be accessed anonymously. Instagram photos are public unless the user has explicitly set their account to be private. Therefore, it is normal to be able to access the feeds of any public user account with a single valid token.
A token does not circumvent users' settings. If you try to access an account that is marked private you won't get any results and instead receive this response:
{"meta":{"error_type":"APINotAllowedError","code":400,"error_message":"you cannot view this resource"}}
![David](https://i.stack.imgur.com/81PoR.png?s=256&g=1)
David
Updated on August 25, 2022Comments
-
David almost 2 years
Is it normal that I can get any users feed with the same access_token? Here are two examples. The first is from the test account, it is what I should have access to. And the second one is from the ImagineDragons's instagram feed.
If so, why do I have to request an access_token in order to do the request?
-
David almost 11 yearsThanks a lot, I didn't know you could have a private account Instagram account. This make sense now.
-
David almost 11 yearsI knew all this. I was wondering why with a single access_token I could gather any users feed. The private accound make sens know. Plus a simple bot could crwal pages from around the www to find such access_token in websites that makes theses javascript request. The token is right in the GET request.
-
akshay2000 almost 7 yearsThis is not entirely true. Most APIs do require a client id which can identify which app is making the request. Access tokens are used to identify which user is trying to make the request.