I'm building PHP tools on a colleague's website to show their Instagram media on their website. I understand that the current procedure is to authenticate the application and use an
access_token to fetch media.
Step One: Direct your user to our authorization URL
Step Two: Receive the redirect from Instagram
Step Three: Request the access_token
The workflow seems to be:
- Direct the user to the authentication URL, passing the
- The user authenticates and is returned to the callback URL.
- My page receives the returned
- Send the
codeto receive an
- Use the
access_tokento fetch media from the API.
The problem is that I will be delivering this code to my colleague and I do not want to hardcode my
client_secret. So, I'm assuming I can't use my own developer account. Does my colleague need to create their own developer account, register an app, and get their own
Would this be the correct workflow for my situation?
- Instruct my colleague to create a developer account, register an app, and get a
- Prompt them to enter their
client_idinto a form on their site.
- Submit the form to the Instagram Authentication URL and receive the returned
- Prompt them to enter enter their
client_idagain with their
client_secretinto a form.
- Send the
codeand retrieve the
- Store the
access_tokenin the database for later use.