Instagram for Developers

Welcome to the Instagram for Developers blog! Letting you know about new API features, bug fixes, how-tos, and more. Checkout the Developer Site and Stack Overflow for community support.

Guidelines for Comments API POST endpoint now in effect

Last month, we announced a new set of guidelines that we will begin to apply to all comments posted through the Comments POST endpoint.  These guidelines are now in effect.

You can find more information on these guidelines on our developer site at:

New rate limits in effect

Last month, we announced some new tools to help us better identify the API calls that your app makes to Instagram. Along with these tools, we introduced a new method for rate-limiting POSTs made to our platform which are now in effect.

You can find more information on these new rate limits on our developer site at:

API bug fixes

Thanks to all developers who reported issues through the bug tool:

This is the list of recent fixes to the Instagram API:

- Fix /oembed endpoint to return correct images when using maxheight or maxwidth parameters.
- Fix /tags/{tagname}/media/recent endpoint to return correct pagination parameters max_tag_id and min_tag_id.

New guidelines for Comments API POST endpoint

With explicit permission from an Instagram user, approved developers have the ability to post comments on that user’s behalf through the Comments POST endpoint and we’re committed to ensuring that developers using this endpoint are creating high quality experiences for our community. To that end, we’re going to begin to require that all comments posted through this endpoint meet the following guidelines, starting on July 19, 2014.

  • The total length of the comment cannot exceed 300 characters
  • The comment cannot contain more than 4 hashtags
  • The comment cannot contain more than 1 URL
  • The comment cannot consist of all capital letters

If a comment posted through the API does not meet one of these conditions, an error response will be returned and the comment will not be posted. A specific reason will be returned to help you resolve the issue before any re-attempts. For example:

{"code": 400, "error_type": "APICommentTooLongError", "error_message": "Your comment is too long."}

In order to provide a good experience to people that use your service, we recommend that you provide meaningful messages so that people understand why their comment was not successfully posted in these cases.

For more information on these guidelines and the expected error responses, please refer to our Developer Site.

New tools and rate limits for POST endpoints

Today we’re announcing new tools to help us better identify the API calls that your app makes to Instagram. These new tools will bring more consistency and stability to your app since our systems will now have a stronger understanding of the calls that you make, enabling us to help support you in the best way possible. As part of these new tools, we are also introducing a new method for rate-limiting POSTs made to our platform which will go into effect on July 7, 2014.

Disable Client-Side (Implicit) Authentication

For apps that issue API calls to Instagram server-side, we have introduced a new setting to your OAuth Client configuration which will cause all Client-Side (Implicit) authorizations requests to be rejected. Given the convenience of the Implicit OAuth Grant flow, we’ve found many developers opting for this approach, even though it was only created to support javascript and mobile clients. Server-side apps should take advantage of this new setting in order to prevent malicious developers from impersonating your OAuth Client through the implicit flow and capturing access tokens from unsuspecting people.

Enforce Signed Header

In order to help us better verify the identity of your app as the source of API calls being made on behalf of your OAuth Client, we have also added support for a new HTTP header which signs your API requests. By enabling the new Enforce signed header setting on your OAuth Client configuration, we will verify the signature in the X-Insta-Forwarded-For HTTP header and reject any API calls that do not match. As with disabling client-side authentication, we encourage all developers with server-side apps to begin securing their API calls with this HTTP header.

Revised Rate Limits on POSTs

On July 7, 2014, we will introduce a new method for rate-limiting POSTs made to the Instagram Platform in which a different set of rate limits will be applied based on whether your app is issuing signed requests or not. Under this new model, we will provide an elevated set of rate limits for apps that secure their OAuth Clients by performing the two following actions:

  • Disabling Client-Side (Implicit) Authentication
  • Signing all POSTs and DELETEs to Instagram Platform with the X-Insta-Forwarded-For HTTP header

The following new rate limits will go into effect on July 7, 2014:

Unsigned Calls (per OAuth token):

  • POST /media/media-id/likes:  30/hour
  • POST /media/media-id/comments:  15/hour
  • POST /users/user-id/relationships:  20/hour

Signed Calls (per OAuth token):

  • POST /media/media-id/likes:  100/hour
  • POST /media/media-id/comments:  60/hour
  • POST /users/user-id/relationships:  60/hour

Support for HTTP 429 Status Code

In order to provide more clarity when a rate limit condition has been hit, we will begin returning the HTTP status code 429 (Too Many Requests) for calls that exceed the rate limit for a particular endpoint. The following changes take effect today:

  • Requests with user tokens that exceed a rate limit will now return HTTP status code 429 (previously 400)
  • Requests that exceed the global rate limit for a client ID will return HTTP status code 429 (previously 420)

Updated Libraries

Lastly, we have updated our Python and Ruby libraries to add support for the new X-Insta-Forwarded-For HTTP header as well as the new HTTP 429 status code. These updated libraries can be found on our developer site.

Instagram Python SDK v1

Following on from the Ruby SDK v1 release, we’re happy to announce the Python Instagram SDK v1 release. Once again, a big thanks goes to all the contributors from the Github community. We look forward to seeing more great applications built on the Instagram Platform.

Release notes:

  • Video Support
  • Easy Accces to Rate Limit Information
  • Easier Pagination
  • Improved Sample Application
  • More Expressive Error Messages, e.g OAuthRateLimitExceeded

Instagram Ruby SDK v1

Yesterday we released v1.0.0 of the Ruby SDK. This would not have been possible without significant contributions from the Instagram Github community. Thank you!

Release Notes:

  • New Sample App – updated with greater endpoint coverage
  • Improved Readme and documentation
  • Now Supports Faraday 0.9 – making the gem much more compatible with other popular gem’s
  • Better pagination support
  • Improved realtime/subscriptions support
  • Easy access to rate limit data
  • Various smalls improvements and bug fixes

API returning 500 errors on specific IP

API health,

We have received reports that certain servers are consistently getting 500 errors when hitting any endpoint. We are looking into this issue and working to get it fixed as soon as possible.

API services have been restored

API health,

Apologies for any inconveniences you may have encountered

API services currently not responding

API health,

We are currently aware that the API services are not responding; we’re working to resolve this asap.  Thank you for your patience.

Update: API Services are slow, but are returning data; we are continuing to work on restoring full performance