Instagram recently changed their public API to become a little bit more restrictive.
What I’d like to do is retrieve posts from an account that I own via a client-side trigger while, at the same time, protecting my Instagram refresh token by not storing it in browser local storage.
My initial thought is to create a Netlify Function that does the following:
1. Retrieve my client secret from a server-side environment variable, accessed only by the Netlify Function.
2. When the client (Gatsby App) loads the page, the Netlify Function is called.
3. Upon first run of the Netlify Function, retrieve a Long-Lived Access Token from the Instagram Basic Display API.
4. Store the refresh token somewhere server-side (is this even possible?).
5. Use the access token to retrieve a user profile, and consequently the last 10 media items.
6. Subsequent hits to the Netlify Function’s endpoint should check to see if the token needs refreshing, before making the call to retrieve the user profile data.
So the question is, is it possible to retrieve a refresh token, and store it somewhere that is accessible by the Netlify Function only?
Failing that, the Long Lived Token actually lasts for 60 days. Theoretically, we could generate a token and store it as a server-side environment variable. If we use that method, is there an API endpoint that can be run to update environmental variables? E.g. I would set up a scheduled task that refreshes and updates the token every 59 days.
Any advice would be appreciated. Thanks in advance.
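
A sketch of the server-side proxy described in the post, added here as an example and not part of the original post or of Netlify's or Instagram's own code. It keeps the token in function-side environment variables and returns only whitelisted media fields to the browser. The variable names `IG_TOKEN` and `IG_TOKEN_ISSUED_AT`, the 7-day refresh margin and the `saveToken` persistence hook are assumptions; the refresh call presents the long-lived token itself to the Basic Display refresh endpoint.

```javascript
// Added example. Assumed env vars: IG_TOKEN, IG_TOKEN_ISSUED_AT (ms since epoch).
const DAY_MS = 24 * 60 * 60 * 1000;
const TOKEN_LIFETIME_DAYS = 60; // lifetime stated in the post
const REFRESH_MARGIN_DAYS = 7;  // assumption: refresh in the last week
const GRAPH = 'https://graph.instagram.com';
const PUBLIC_FIELDS = ['id', 'caption', 'media_type', 'media_url', 'permalink', 'timestamp'];

// Refresh only when the token is over 24h old, close to expiry and not yet expired.
function needsRefresh(issuedAtMs, nowMs) {
  const age = nowMs - issuedAtMs;
  if (age < DAY_MS || age >= TOKEN_LIFETIME_DAYS * DAY_MS) return false;
  return age >= (TOKEN_LIFETIME_DAYS - REFRESH_MARGIN_DAYS) * DAY_MS;
}

function mediaUrl(token, limit = 10) {
  const q = new URLSearchParams({ fields: PUBLIC_FIELDS.join(','), limit: String(limit), access_token: token });
  return `${GRAPH}/me/media?${q}`;
}

function refreshUrl(token) {
  const q = new URLSearchParams({ grant_type: 'ig_refresh_token', access_token: token });
  return `${GRAPH}/refresh_access_token?${q}`;
}

// Whitelist fields: upstream paging URLs embed the access token, so never pass them on.
function toPublicPayload(apiJson) {
  return (apiJson.data || []).map((item) =>
    Object.fromEntries(PUBLIC_FIELDS.filter((f) => f in item).map((f) => [f, item[f]])));
}

// fetch, env and now are injected; saveToken is a hypothetical persistence hook.
function makeHandler({ fetch, env, now = Date.now, saveToken = async () => {} }) {
  return async function handler() {
    let token = env.IG_TOKEN;
    if (!token) return { statusCode: 500, body: JSON.stringify({ error: 'not configured' }) };
    if (needsRefresh(Number(env.IG_TOKEN_ISSUED_AT), now())) {
      const r = await fetch(refreshUrl(token));
      if (r.ok) { token = (await r.json()).access_token; await saveToken(token, now()); }
    }
    const res = await fetch(mediaUrl(token));
    // Generic error only: upstream error bodies and URLs can contain the token.
    if (!res.ok) return { statusCode: 502, body: JSON.stringify({ error: 'upstream error' }) };
    return { statusCode: 200, body: JSON.stringify(toPublicPayload(await res.json())) };
  };
}

// Netlify entry point (CommonJS); guarded so the file also loads as a plain script.
if (typeof module !== 'undefined' && module.exports) {
  module.exports.handler = makeHandler({ fetch: globalThis.fetch, env: process.env });
}
```

Where `saveToken` writes the refreshed token is the open question from the post; the function itself only decides when a refresh is due and keeps the token out of every response.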