Get user’s Instagram photo

7 min readDec 13, 2021

You can get the posts of authenticated users.
You can get it with either a web app or a mobile app.
Use the Instagram Basic Display API .
If you follow the procedure, it’s not that complicated.

[Image: I got the image data from Instagram and → rearranged it randomly]

All you need is a
Facebook account

An application that uses the API

The URL of your website that can be used for authentication

If you just want to get the data for the time being, you can register it with an appropriate app name. It’s okay.
The website used for authentication can be any suitable site that you can use for the time being.

Register the app in FACEBOOK For Developers

1. Log in to FACEBOOK For Developers

Open FACEBOOK For Developers .
You can log in with a general user account of FACEBOOK. If you do not have a FACEBOOK account, register it.

2. Register the app

Create an app from “MyApps”.

Select the type of app.
Register the app name.
When the app dashboard appears, go to Settings> Basics, scroll to the bottom of the page and click Add Platform.
Select any platform.
For iOS, register the bundle ID.

3. Set the basic display API

From the dashboard, click Products to find the Instagram Fundamental View product, then click Settings to add it to your app.
Fill in the required items for the basic display API.

Display name:
Enter the name of the app you just created.

Valid OAuth Redirection URI
Enter the URL of the website you want to use. This is usually a dedicated URI that can capture redirect query string parameters, but to test it for now, the URL of your website is fine.
After entering the URL, save your changes and check the URL again. Depending on the structure of the URL, a slash may be added at the end. Please copy the official URL somewhere. You will need it in a later step to get an authorization code and access token.

Revoke permission for callback URL
Re-enter the website URL. This will eventually change to a URL that can handle permission revocation notifications, but for the time being, you can reuse the website URL you specified earlier.

Data Delete Request Callback URL
Enter the website URL again. Revocation of Permission As with the callback URL, you will eventually change it to a URL that can handle the data deletion request, but for now you can reuse the URL of your website.

App Review
Skip this section until you switch the app to live mode.

Have the user authenticate the app

4. Add a test user

Go to Roles> Roles and scroll down to the Instagram Tester section. Click Add Instagram Tester, enter your Instagram account username, and submit your invitation.

While your app is in development mode, you will need to manually register a test user as described above.
In order to have a general user authenticate without test registration, the app must be reviewed by Facebook and put into live mode.

5. Accept test invitations from Instagram

Open a new web browser, go to and sign in to the Instagram account you just invited. Go to (Profile Icon)> Edit Profile> Apps & Websites> Tester Invitation to accept the invitation.

6. Authenticate the test user and get the verification code

Authenticate from a web browser.
Create the following authentication window URL. Replace with the
Instagram app ID (app dashboard> product> Instagram> basic view> displayed in the Instagram app ID field).
Replace with the website URL specified in step 2. (“Valid OAuth redirect URI”). The URLs must be exactly the same. ?client_id={app-id} &redirect_uri={redirect-uri} &scope=user_profile,user_media &response_type=code

For example: ?client_id=684477648739411 &redirect_uri= &scope=user_profile,user_media &response_type=code

Open a new browser window and load the authentication window URL.
The authentication window is displayed.

Sign in to the authentication window to authenticate your Instagram test user and click Allow to allow the app access to your profile data.
If successful, you will be redirected to the redirect URI specified in the previous step and the authorization code will be added to the URL.
For example:

(The verification code is attached to the end of the URL in the URL field of the browser, so copy it. It is the part of AQDp3TtBQQ …)

The verification code is the part of
AQDp3TtBQQ … below code = at the end of the URL
A “# _” has been added to the end of the redirect URI, but this is not part of the code itself.
Copy this code (except # _) for use in the next step.
The verification code is short-term and is valid for only one hour.

Get an authentication token

6,: Get tokens

Open a command line tool (terminal if you’re testing on a Mac) or app that supports cURL requests.
Send the following POST request to the API to get the token. (This article uses terminal commands.)

Replace {app-id}, {app-secret}, {redirect-uri}, and {code} with your Instagram app ID, Instagram app secret, redirect URI, and authorization code you copied in the previous step, respectively.
For example:

-Make sure the redirect URI exactly matches the one you specified in the previous step, including the trailing slash (if it was added in the app dashboard when you configured your Instagram app).
-Client_secret needs to be copied by displaying the alphabet properly, not in the state of ●●●●●● on the dashboard.

If successful, the API will return a JSON-encoded object containing a short-term Instagram user access token valid for 1 hour and the ID of the Instagram test user.

“access_token”: “IGQVJ …”,
“user_id”: 17841405793187218

You will get the user’s data with this token and user ID, so make a copy.

Get media using authentication token

7. Get the media

The command to get the media URL is:

The media URL will be returned in JSON format as shown below.
An array of url and id dictionary for individual posts.

{“data”: [{“media_url”: “https: \ / \ / \ / v \ /t51.29350–15 \ / 255437112_605858473995210_8575132173605956569_n.jpg? _nc_cat = 100 & ccb = 1–5 & _nc_sid = 8ae9d6 & _nc_ohc — x97 & _nc_ht =”, “id”: “17891471009375090”}, {“media_url”: https …

This URL is JSON-encoded and cannot be used as is. Need to decode.
For example, if you are using a command line tool, you can use jq to decode it.

brew install jqcurl -X GET '{Paste the access token obtained above}'|jq

The decoded data will be returned.

“data”: [
“media_url”: “ “,
“ id “:” 17891471009375090 “
“ media_url “:” https: …

You can get the content from the decoded media_url.
Paste this URL into your browser and you’ll see the image.

You can also get videos.

Get various data

Media data

You can get the following information about your media posts:
You can get all posts at once.

The command to get the data is in the following format.

curl -X GET '{Enter the fields of the information you want, separated by commas}&access_token={Access token}'

For example, if you want to get the caption and timestamp for each post:

curl -X GET ',timestamp&access_token=IGQVJVQnJtN2xFdW80TjdtVnBtYXYxWkZAiMlRzek52bG5MU3FrVXY5R0hGNjF5M0haLUVmOUxUeHo4LXBoRW5ocl9xTHdWV2Y3VU40T3dpYUg1R3l5b0xnbUFYdTNSZA3lGZA0F6LVlHRVY1bXN6cGJUWHdaX29uVS1Va0ZAj'

Since this data is also json encoded, it needs to be decoded with the above jq etc. Decoding will return the following dictionary.

“data”: [
“caption”: “
Universal “, “timestamp”: “2021–11–09T23: 44: 46 + 0000”,
“id”: “18112329574254917”
“caption”: “Disney” ,
“timestamp”: “2021–11–09T02: 43: 38 + 0000”,
“id”: “17899173164360732”


Get all images from multiple image album posts

With the batch acquisition of user posts as described above, only the first of multiple posts can be acquired.
To get all the images in an album, you need to get the child nodes of the album.
To do this, use the media id that you get when you get the posts in bulk. It will be returned for each post as an “id”.
Please note that it is different from the user id.

curl -X GET '{media-id}/children?fields={fields}&access_token={access-token}'

For example, to get the url and media type of each image in the album:

curl -X GET ',media_type&access_token=IGQVJVQnJtN2xFdW80TjdtVnBtYXYxWkZAiMlRzek52bG5MU3FrVXY5R0hGNjF5M0haLUVmOUxUeHo4LXBoRW5ocl9xTHdWV2Y3VU40T3dpYUg1R3l5b0xnbUFYdTNSZA3lGZA0F6LVlHRVY1bXN6cGJUWHdaX29uVS1Va0ZAj'

“data”: [
“media_url”: “ com & edm = ABbrh9MEAAAA & oh = 611e60685ead210ac4e6ecee6e50bafe & oe = 618F4346 “,
“ media_type “:” IMAGE “,
“ id “:” 17891715494364773 “
“ media_url “:” https: …

The json-encoded child node information is returned.
If you query the child node for captions etc., an error will be returned. This is because the information is unique to the parent node (album post).

Get long-term tokens

The above access token can only be used for 1 hour.
You can get a long-term access token that can be used for 60 days.

curl -i -X GET “{instagram-app-secret}&access_token={Short Term Token}"

This request must be made on the server, not the client, as it is a request that contains an app secret.

Renew long-term token

curl -i -X GET " ?grant_type=ig_refresh_token &access_token={Long Term Token}"

Get Instagram photos with iOS / Swift (bonus)

You can get it in the same way by requesting it with URLSession.


I’m a freelance engineer.
Work consultation to here

I am making an app that uses Core ML and ARKit.
We send machine learning / AR related information.