Login Permissions (Scopes)

The OAuth 2.0 specification allows you to specify the scope of the access you are requesting from the user. All approved apps have basic access by default, but if you plan on asking for extended access such as reading public content, liking, commenting, or managing friendships, you will need to specify these scopes in your authorization request. Note that in order to use these extended permissions, you must first submit your app for review. Here are the scopes we currently support:
  • basic - to read a user’s profile info and media

Valid use cases and associated scopes

While in sandbox, your app has access to all permissions and you can generate access tokens with any scope for testing. To use these scopes in production though, your app needs to go through review and be approved for a given permission. The permissions your app can be approved for relate directly to the use case of your app.
You should only request the permissions that map to your use case:
To help individuals share their own content with 3rd party apps: basic
This use case is meant for apps that allow the general public to login with Instagram to get their own content; for example, an app that allows people to print their own pictures. Apps that fall into this use case will only have access to the basic permission.

Invalid use cases

Here are some examples of use cases that we do not support:
Widget Installs. If you are installing a widget for your website, then you do not need to submit for permissions review. If you are installing a widget for your website, then you do not need to submit for review. Some widgets may ask you to create a new client id, but you do not need to submit it for review for the widget to work. Your client can remain in sandbox mode and the widget will have access to your last 20 media.
One-off Projects. If you are an agency building websites or other integrations, note that we don't grant permissions to clients created for one-off projects. If you are interested in building a product, platform, or widget that will be used as a service across multiple projects, then you may submit a single client_id that you can use across multiple projects.
Content Display for Personal Website. If you are a developer and you want to showcase Instagram content on a website, then you do not need to submit your app for review. By using a client in sandbox mode, you will still be able to access the last 20 media of any sandbox user that grants you permission.