Tags: javascript, php, curl, instagram, instagram-api

X-Insta-Forwarded-For Error Instagram API using PHP cURL


I'm trying to make a POST to Instagram using this API and the POST method of relationships.

Here is the server-side code I'm using:

<?php

$url = "https://api.instagram.com/v1/users/<user>/relationship";

// IP address the request originates from; this is the value that gets signed
$ips = (isset($_SERVER['SERVER_ADDR'])) ? $_SERVER['SERVER_ADDR'] : gethostbyname(gethostname());
// hex-encoded HMAC-SHA256 of the IP, keyed with the app's client secret
$signature = hash_hmac('sha256', $ips, '<secret>', false);

// header value format: <ip>|<signature>
$join = join('|', array($ips, $signature));

$headerData = array('Accept: application/json');

$headerData[] = 'X-Insta-Forwarded-For: ' . $join;

$fields = array(
        'access_token'       =>      '<access_token>',
        'action'             =>      'follow'
    );

$ch = curl_init();

// set URL and other appropriate options
curl_setopt($ch, CURLOPT_URL, $url);
//curl_setopt($ch, CURLOPT_HTTPHEADER, $headerData);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($fields));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// keep TLS certificate verification on: switching it off lets anyone in the
// network path read the access_token being sent
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

// send the request and capture the response body
$result = curl_exec($ch);
$error = curl_error($ch);
// close cURL resource, and free up system resources
curl_close($ch);

if ($result === false) {
    echo 'cURL error: ' . $error;
} else {
    print_r($result);
}
?>

As you can see, I have this line commented out:

//curl_setopt($ch, CURLOPT_HTTPHEADER, $headerData);

Because, as far as I know, to POST to Instagram using cURL I only need a valid access_token, but Instagram is returning this error:

{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid header: X-Insta-Forwarded-For is required for this operation"}

I understand what this means, but my question is whether someone has tried something similar without registering an app on the Instagram API and using an external access_token found on the internet.


Solution

  • The access_token you are using belongs to an app that probably has this signed header POST restriction active ("Enforce signed header").

    Go to https://instagram.com/developer/clients/manage/ to create or manage your apps, click on Edit app and then on the Security tab. You should see the page below. Enforce signed requests (the new and better signing method) and Enforce signed header (the old one, which will be deprecated on September 1st) are the methods to avoid misuse of stolen access_tokens.

    You can't post anything to Instagram API without X-Insta-Forwarded-For if Enforce signed header is checked. Just as you can't make a request to API without the sig parameter if "Enforce signed requests" is checked.

    I recommend you learn the new signed request method by observing those Instagram API secure requests considerations.

    [Image: Instagram App Security Tab]
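To see why a copied access_token is not enough on its own, here is an added Python example (not from the question, the answer, or Instagram) that builds the X-Insta-Forwarded-For value exactly as the PHP in the question does and then checks it the way a server enforcing "Enforce signed header" would have to. The verification function, the secret and the IP addresses are assumptions constructed for the demo, not Instagram's code or values.

```python
import hashlib
import hmac
from typing import Optional

# Constructed demo values; a real app reads its client secret from config and
# never ships it to a browser or mobile client.
APP_SECRET = "constructed-app-secret"   # the app's client secret (assumed)
CLIENT_IP = "203.0.113.7"               # documentation-range IP, constructed


def build_forwarded_for(client_ip: str, app_secret: str) -> str:
    """Build the header value "<ip>|<hex HMAC-SHA256 of ip>", the same
    construction as hash_hmac('sha256', $ips, '<secret>', false) joined
    to $ips with '|' in the PHP above."""
    sig = hmac.new(app_secret.encode(), client_ip.encode(), hashlib.sha256).hexdigest()
    return f"{client_ip}|{sig}"


def verify_forwarded_for(header_value: str, app_secret: str,
                         expected_ip: Optional[str] = None) -> bool:
    """Hypothetical server-side check (assumed, not Instagram's code): accept
    only "ip|sig" where sig is the HMAC of ip under the app secret, so a
    caller holding a leaked access_token but not the secret cannot forge it.
    If expected_ip is given, the ip in the header must also match it."""
    parts = header_value.split("|")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False
    ip, sig = parts
    if expected_ip is not None and ip != expected_ip:
        return False
    expected = hmac.new(app_secret.encode(), ip.encode(), hashlib.sha256).hexdigest()
    # constant-time comparison: do not leak how many leading characters matched
    return hmac.compare_digest(sig.lower().encode(), expected.encode())


def check_examples() -> dict:
    """Run the cases a practitioner cares about and return the outcomes."""
    good = build_forwarded_for(CLIENT_IP, APP_SECRET)
    return {
        "valid_header": verify_forwarded_for(good, APP_SECRET),
        "wrong_secret": verify_forwarded_for(good, "guess-by-token-thief"),
        "tampered_ip": verify_forwarded_for("198.51.100.1|" + good.split("|")[1], APP_SECRET),
        "missing_sig": verify_forwarded_for(CLIENT_IP, APP_SECRET),
        "ip_mismatch": verify_forwarded_for(good, APP_SECRET, expected_ip="198.51.100.1"),
    }


if __name__ == "__main__":
    for case, ok in check_examples().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the first case is accepted: every other request carries a valid-looking token but cannot produce a signature without the app secret, which is exactly what the 403 in the question is reporting.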