{"id":493,"date":"2022-06-17T11:46:06","date_gmt":"2022-06-17T17:46:06","guid":{"rendered":"https:\/\/justinstolpe.com\/blog\/?p=493"},"modified":"2022-06-17T11:57:16","modified_gmt":"2022-06-17T17:57:16","slug":"access-tokens-with-the-instagram-graph-api-php-sdk","status":"publish","type":"post","link":"https:\/\/justinstolpe.com\/blog\/2022\/06\/17\/access-tokens-with-the-instagram-graph-api-php-sdk\/","title":{"rendered":"Access Tokens with the Instagram Graph API PHP SDK"},"content":{"rendered":"<p><center><iframe loading=\"lazy\" title=\"YouTube video player\" src=\"https:\/\/www.youtube.com\/embed\/_teASazXZ3s\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/center><br \/>\nTo get an access token with the <a href=\"https:\/\/github.com\/jstolpe\/instagram-graph-api-php-sdk\/tree\/main\/src\/Instagram\" target=\"_blank\" rel=\"noopener\">Instagram Graph API PHP SDK<\/a>, users must first login through the Facebook login dialog. Facebook will then send the user back to your redirect uri with a code variable in the url which you then exchange for an access token. We can also debug an access token, check what permissions it has, and revoke permissions on it as well.<\/p>\n<h3><strong>Facebook Login Dialog<\/strong><\/h3>\n<p>Display a link for the user to click on and login with Facebook. Once the user logs in with Facebook, Facebook will send them to the redirect uri. The redirect uri in your code must also be entered in the Facebook Login settings of you app under &#8220;Valid OAuth Redirect URIs&#8221;.<\/p>\n<pre>use Instagram\\FacebookLogin\\FacebookLogin;\r\n\r\n$config = array( \/\/ instantiation config params\r\n    'app_id' => 'FB_APP_ID', \/\/ facebook app id\r\n    'app_secret' => 'FB_APP_SECRET', \/\/ facebook app secret\r\n);\r\n\r\n\/\/ uri facebook will send the user to after they login\r\n$redirectUri = 'https:\/\/path\/to\/fb\/login\/redirect.php';\r\n\r\n$permissions = array( \/\/ permissions to request from the user\r\n    'instagram_basic',\r\n    'instagram_content_publish', \r\n    'instagram_manage_insights', \r\n    'instagram_manage_comments',\r\n    'pages_show_list', \r\n    'ads_management', \r\n    'business_management', \r\n    'pages_read_engagement'\r\n);\r\n\r\n\/\/ instantiate new facebook login\r\n$facebookLogin = new FacebookLogin( $config );\r\n\r\n\/\/ display login dialog link\r\n<span class=\"pl-k\">echo<\/span> <span class=\"pl-s\">'&lt;a href=\"'<\/span> . <span class=\"pl-s1\"><span class=\"pl-c1\">$<\/span>facebookLogin<\/span>-&gt;<span class=\"pl-en\">getLoginDialogUrl<\/span>( <span class=\"pl-s1\"><span class=\"pl-c1\">$<\/span>redirectUri<\/span>, <span class=\"pl-s1\"><span class=\"pl-c1\">$<\/span>permissions<\/span> ) . <span class=\"pl-s\">'\"&gt;'<\/span> .\r\n    <span class=\"pl-s\">'Log in with Facebook'<\/span> .\r\n<span class=\"pl-s\">'&lt;\/a&gt;'<\/span>;<\/pre>\n<h3><strong>Get Access Token From Code<\/strong><\/h3>\n<p>Once the user logs in through Facebook, Facebook directs them to your redirect uri and appends on a code. For the above example once the user logs in, Facebook would redirect them to &#8220;https:\/\/path\/to\/fb\/login\/redirect.php?code={code}&#8221;. We then can exchange this code for the access token.<\/p>\n<pre>\r\nuse Instagram\\AccessToken\\AccessToken;\r\n\r\n$config = array( \/\/ instantiation config params\r\n    'app_id' => 'FB_APP_ID', \/\/ facebook app id\r\n    'app_secret' => 'FB_APP_SECRET', \/\/ facebook app secret\r\n);\r\n\r\n\/\/ we also need to specify the redirect uri in order to exchange our code for a token\r\n$redirectUri = 'https:\/\/path\/to\/fb\/login\/redirect.php';\r\n\r\n\/\/ instantiate our access token class\r\n$accessToken = new AccessToken( $config );\r\n\r\n\/\/ exchange our code for an access token\r\n$newToken = $accessToken->getAccessTokenFromCode( $_GET['code'], $redirectUri );\r\n        \r\nif ( !$accessToken->isLongLived() ) { \/\/ check if our access token is short lived (expires in hours)\r\n    \/\/ exchange the short lived token for a long lived token which last about 60 days\r\n    $newToken = $accessToken->getLongLivedAccessToken( $newToken['access_token'] );\r\n}\r\n<\/pre>\n<h3><strong>Debugging Access Tokens<\/strong><\/h3>\n<p>Debugging an access token can get you info on the token like when it expires, if it valid, the permissions, the user id, and more! All you need to provide is the token you want debugged along with a developer or admin user access token for your app.<\/p>\n<pre>\r\nuse Instagram\\AccessToken\\AccessToken;\r\n\r\n$config = array( \/\/ instantiation config params\r\n    'value' => 'ACCESS_TOKEN', \/\/ access token to debug\r\n    'access_token' => 'ACCESS_TOKEN' \/\/ an admin or developer access token for the app\r\n);\r\n\r\n\/\/ instantiate our access token class\r\n$accessToken = new AccessToken( $config );\r\n\r\n\/\/ debug the token\r\n$debug = $accessToken->debug();\r\n<\/pre>\n<h3><strong>Get Access Token Permissions<\/strong><\/h3>\n<p>With the user id and access token you can get a list of the permissions along with their status on the access token<\/p>\n<pre>\r\nuse Instagram\\AccessToken\\AccessToken;\r\n\r\n$config = array(\r\n    'user_id' => 'USER_ID',\r\n    'access_token' => 'ACCESS_TOKEN'\r\n);\r\n\r\n\/\/ instantiate our access token class\r\n$accessToken = new AccessToken( $config );\r\n\r\n\/\/ get permissions\r\n$permissions = $accessToken->getPermissions();\r\n<\/pre>\n<h3><strong>Revoking Access Token Permissions<\/strong><\/h3>\n<p>We can revoke any permissions on an access token. We can revoke individual permissions or we can revoke them all at the same time.<\/p>\n<pre>\r\nuse Instagram\\AccessToken\\AccessToken;\r\n\r\n$config = array(\r\n    'user_id' => 'USER_ID',\r\n    'access_token' => 'ACCESS_TOKEN'\r\n);\r\n\r\n\/\/ instantiate our access token class\r\n$accessToken = new AccessToken( $config );\r\n\r\n\/\/ permissions to revoke (leave blank to revoke all permissions)\r\n$revokePermissionName = '<PERMISSION>';\r\n\r\n\/\/ revoke the specified permission (if no name is passed in all permissions will be revoked)\r\n$revoke = $accessToken->revokePermissions( $revokePermissionName );\r\n<\/pre>\n<p>And that is the functionality built into the Instagram Graph API PHP SDK. I know the Instagram Graph API can be a bit confusing and so I hope this makes dealing with access tokens a bit easier! Well, that is going to do it for this post! Leave any comments\/questions below and thanks for stopping by the blog!<\/p>\n<p style=\"text-align: center;\"><strong>Links<\/strong><\/p>\n<p><strong><a href=\"https:\/\/github.com\/jstolpe\/instagram-graph-api-php-sdk\" target=\"_blank\" rel=\"noopener\">Code on GitHub<\/a><\/strong><\/p>\n<p><strong><a href=\"https:\/\/github.com\/jstolpe\/instagram-graph-api-php-sdk\/wiki\" target=\"_blank\" rel=\"noopener\">Wiki on GitHub<\/a><\/strong><\/p>\n<p><a href=\"https:\/\/www.youtube.com\/watch?v=_teASazXZ3s\" target=\"_blank\" rel=\"noopener\"><strong>YouTube Video<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>To get an access token with the Instagram Graph API PHP SDK, users must first login through the Facebook login dialog. Facebook will then send the user back to your redirect uri with a code variable in the url which you then exchange for an access token. We can also debug an access token, check &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/justinstolpe.com\/blog\/2022\/06\/17\/access-tokens-with-the-instagram-graph-api-php-sdk\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Access Tokens with the Instagram Graph API PHP SDK&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":503,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,9],"tags":[22,20,21,8,23,19],"class_list":["post-493","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-coding","category-html","category-php","tag-graph-api","tag-instagram","tag-instagram-graph-api","tag-php","tag-php-sdk","tag-sdk"],"_links":{"self":[{"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/posts\/493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/comments?post=493"}],"version-history":[{"count":12,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/posts\/493\/revisions"}],"predecessor-version":[{"id":516,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/posts\/493\/revisions\/516"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/media\/503"}],"wp:attachment":[{"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/media?parent=493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/categories?post=493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justinstolpe.com\/blog\/wp-json\/wp\/v2\/tags?post=493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}