Instagram recently changed their public API to become a little bit more restrictive.
What I’d like to do is retrieve posts from an account that I own via a client side trigger, while at the same time, protecting my Instagram refresh token by not storing it in browser local storage.
My initial thought is to create a Netlify Function that does the following:
Retrieve my client secret from a server-side environment variable, accessed only by the Netlify Function
When the client (Gatsby App) loads the page, the Netlify function is called.
Upon first run of the Netlify Function, retrieve a Long-Lived Access Token from the Instagram Basic Display API
Store the refresh token somewhere server-side (is this even possible?)
Use the access token to retrieve a user profile, and consequently the last 10 media items.
Subsequent hits to the Netlify function’s endpoint should check to see if the token needs refreshing, before making the call to retrieve the user profile data.
So the question is, is it possible to retrieve a refresh token, and store it somewhere that is accessible by the Netlify Function only?
Failing that, the Long Lived Token actually lasts for 60 days. Theoretically, we could generate a token and store it as a server-side environment variable. If we use that method, is there an API endpoint that can be run to update environmental variables? E.g. I would set up a scheduled task that refreshes and updates the token every 59 days.
Any advice would be appreciated. Thanks in advance.
Yes, we ended up using a Netlify (lambda) proxy function calling a DynamoDB table at AWS to persist and amend the issued token for subsequent API calls. The site has been up and working well: Home | Four Hands Art Studio
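The refresh-before-use flow from the question, combined with the server-side store described in the reply above, as an added example (not code from either poster). The store interface (`get`/`put`), `memoryStore` and the 7-day refresh window are assumptions; the two `graph.instagram.com` endpoints are the Basic Display API's refresh and media endpoints.

```javascript
// Added example: store shape, memoryStore and REFRESH_WINDOW_MS are assumptions.
const REFRESH_URL = 'https://graph.instagram.com/refresh_access_token';
const MEDIA_URL = 'https://graph.instagram.com/me/media';
const REFRESH_WINDOW_MS = 7 * 24 * 60 * 60 * 1000; // refresh when under 7 days remain

// Constructed in-memory stand-in for the server-side store (e.g. a DynamoDB wrapper).
function memoryStore(record) {
  return { get: async () => record, put: async (r) => { record = r; } };
}

// Pure check: is the stored token close enough to expiry to refresh at `now` (ms)?
function needsRefresh(record, now) {
  return record.expiresAt - now < REFRESH_WINDOW_MS;
}

// Returns a usable token, refreshing and persisting it first when it nears expiry.
// An already expired long-lived token cannot be refreshed, so that case fails loudly.
async function getFreshToken(store, fetchFn, now = Date.now()) {
  const record = await store.get();
  if (!record) throw new Error('no token seeded in store');
  if (record.expiresAt <= now) throw new Error('token expired; re-authorise manually');
  if (!needsRefresh(record, now)) return record.token;

  const url = `${REFRESH_URL}?grant_type=ig_refresh_token&access_token=${encodeURIComponent(record.token)}`;
  const res = await fetchFn(url);
  // Report the status only: the request URL contains the token and must not be logged.
  if (!res.ok) throw new Error(`refresh failed: HTTP ${res.status}`);
  const body = await res.json();
  const next = { token: body.access_token, expiresAt: now + body.expires_in * 1000 };
  await store.put(next);
  return next.token;
}

// Proxy call: the browser receives whitelisted media fields only, never the token.
async function latestMedia(store, fetchFn, now = Date.now()) {
  const token = await getFreshToken(store, fetchFn, now);
  const url = `${MEDIA_URL}?fields=id,media_url,permalink&limit=10&access_token=${encodeURIComponent(token)}`;
  const res = await fetchFn(url);
  if (!res.ok) throw new Error(`media fetch failed: HTTP ${res.status}`);
  const { data } = await res.json();
  return data.map(({ id, media_url, permalink }) => ({ id, media_url, permalink }));
}
```

Inside a Netlify Function handler, call `latestMedia(store, fetch)` with a store backed by real persistence and return the result as the JSON response body.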
Hey @JpMaxMan - if you head over to #features and do a solid write-up of what benefits you’d expect from implementing something akin to Cloudflare Workers, we can get some eyes on it and think on it some more. Any detail on why this might be beneficial to customers is helpful!