Search code examples
pythoninstagraminstagram-api

Instagram: Signature did not match

I'm trying to get started with the Instagram API but I can't even make a simple call because I get an error 

{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "Invalid signed-request: Signature does not match"}

I generated my access_token with scope as likes+comments.

This is my URL: https://api.instagram.com/v1/media/search?lat=48.858844&lng=2.294351&access_token=ACCESS-TOKEN&sig=SIG

I generated the signature using this script from the Instagram developer site because it initially gave me

"Invalid signed-request: Missing required parameter 'sig'"

This is the script:

    # -*- coding: UTF-8 -*-
import hmac
from hashlib import sha256

def generate_sig(endpoint, params, secret):
    sig = endpoint
    for key in sorted(params.keys()):
        sig += '|%s=%s' % (key, params[key])
    return hmac.new(secret, sig, sha256).hexdigest()

endpoint = 'media/search'
params = {
    'access_token': _______________,
    'count': 10,
}
secret = ______________________
sig = generate_sig(endpoint, params, secret)
print "sig is",sig

Any help is appreciated! Thanks

Solution

  • From docs:

    When enabled, Instagram will check for the sig parameter of each request and verify that the value matches a hash computed using your Client Secret. The expected value is a HMAC using the SHA256 hash algorithm with all your request parameters and your Client Secret.

    Your signature generator function is okay, but it is not includes all params. It should be:

    params = {
    'access_token': _______________,
    'count': 10,
    'lat':  "<lat value>",
    'lng': "<long value>",
}

    It should be work well. Also, here is some helpful aditional guidelines:
    http://instagram-api.tumblr.com/post/120586735719/instagram-secure-api-requests

    EDIT:

    Here is exactly as I did:

    # coding: utf-8

# My client_id, secret, access_token, etc...
import settings
from urllib import urlencode
import hmac
from hashlib import sha256

def generate_sig(endpoint, params, secret):
    sig = endpoint
    for key in sorted(params.keys()):
        sig += '|%s=%s' % (key, params[key])
    return hmac.new(secret, sig, sha256).hexdigest()


endpoint = '/media/search'
params = {
    'access_token': settings.ACCESS_TOKEN,
    'lat': '48.858844',
    'lng': '2.294351',
    'count': 10,
}
params.update({'sig': generate_sig(endpoint, params, settings.CLIENT_SECRET)})
url = 'https://api.instagram.com/v1' + endpoint + '?' + urlencode(params)

# Success!!!
print url

    It should give us an URL like this format:

    https://api.instagram.com/v1/media/search?access_token=XXX&lat=XXX&lng=XXX&sig=XXX&count=XXX