How To Generate Instagram Access Token?

Before You start to get Instagram Access Token, You need:

  • A Facebook Developer Account.
  • An Instagram account with media.
  • A public website that you own. This can be a generic free one like a Github Page or Heroku web app, or your actual website.
  • A command-line tool such as Terminal or an app like Postman that can perform cURL requests.

1. Create Facebook App

Go to, click My Apps, and create a new app. While creating your app, it will ask the type of the app in that you have to select last option named “None”.

Once you have created the app and are in the App Dashboard, navigate to Settings > Basic, scroll the bottom of page, and click Add Platform.

Choose Website, add your website’s URL, and save your changes. You can change the platform later if you wish, but for this tutorial, use Website.

2. Configure Instagram Basic Display

Click Products, locate the Instagram product, and click Set Up to add it to your app.

Click Basic Display, scroll to the bottom of the page, then click Create New App.

Display Name

Enter the name of the Facebook app you just created.

Valid OAuth Redirect URIs

Enter your website’s URL. Normally this would be a dedicated URI that can capture redirect query string parameters, but for this tutorial your website’s URL will be fine.

For example:

After you enter a URL, save your changes and check the URL again; we may have appended a trailing forward slash depending your URL structure. Copy the complete URL somewhere since you will need it in later steps to get authorization codes and access tokens.

Deauthorize Callback URL

Enter your website’s URL again. Eventually you will have change this to a URL that can handle deauthorization notifications, but for the purposes of this tutorial, you can re-use your website URL.

Data Deletion Request Callback URL

Enter your website’s URL once again. Just like the Deauthorize Callback URL, you will eventually have change this to a URL that can handle data deletion requests, but for now you can re-use your website URL.

App Review

Skip this section for now since you will not be switching the app to Live Mode during the tutorial.

3. Add an Instagram Test User

Navigate to Roles > Roles and scroll down to the Instagram Testers section. Click Add Instagram Testers and enter your Instagram account’s username and send the invitation.

Open a new web browser and go to and sign into your Instagram account that you just invited. Navigate to (Profile Icon) > Edit Profile > Apps and Websites > Tester Invites and accept the invitation.

Your Instagram account is now eligible to be accessed by your Facebook app while it is in Development Mode.

3. Generate Access Token

Open App Dashboard > Products > Instagram > Basic Display > Instagram

Click on Generate Token button then appear The Authorization Window allows your app to get Authorization Codes and permissions from app users. Authorization Codes can be exchanged for Instagram User Access Tokens, which must be included when querying an app user’s profile or their media.

Copy the access token and user ID so you can use Social Stream Designer Plugin.

Token Expiration

Instagram want their user accounts to be safe, and for that, they have set certain safety boundaries. On finding any suspicious activity happening around or within your account, your credential/token might expire.

The possible reasons behind your credential/token expirations are:

  • You may haven’t logged in even once in the last 2 months (the most usual reason).
  • You’ve recently changed your Instagram password.
  • You’ve recently logged out of Instagram.
  • Logging in and out of multiple Instagram accounts from your device.
  • Instagram has detected a security issue on your account.
  • Instagram suspects spammy behavior on your account (like posting too frequently or repetitive content).
  • Suspicious (Login attempts from a new location) and later not having the full permissions required. In case if you initially grant the permissions and decide to stop using our authentication, we do not have access without your permission.

NOTE : User Access Token are long-lived and are valid for 60 days.