Getting Checkpoint Error over and over

[sagardalal21]

When i got checkpoint error message from api, I have passed checkpoint by clicking "This was me" and tried again to call api but no luck. i got following message every time:

{ [RequestError: challenge_required]
  name: 'RequestError',
  message: 'challenge_required',
  json:
   { message: 'challenge_required',
     challenge:
      { url: 'https://i.instagram.com/challenge/5746353294/XiIA0cso5U/',
        api_path: '/challenge/5746353294/XiIA0cso5U/',
        hide_webview_header: true,
        lock: true,
        logout: false,
        native_flow: true },
     status: 'fail',
     error_type: 'checkpoint_challenge_required' } }

[mme76]

This seems to happen the first time you login with the API and it started 24-48 hours ago or so.

On Fri, Dec 8, 2017 at 8:09 AM, sagardalal21 notifications@github.com wrote:

When i got checkpoint error message from api, I have passed checkpoint by clicking "This was me" and tried again to call api but no luck. i got following message every time:

{ [RequestError: challenge_required] name: 'RequestError', message: 'challenge_required', json: { message: 'challenge_required', challenge: { url: 'https://i.instagram.com/challenge/5746353294/XiIA0cso5U/', api_path: '/challenge/5746353294 <(574)%20635-3294>/XiIA0cso5U/', hide_webview_header: true, lock: true, logout: false, native_flow: true }, status: 'fail', error_type: 'checkpoint_challenge_required' } }

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/huttarichard/instagram-private-api/issues/394, or mute the thread https://github.com/notifications/unsubscribe-auth/AeiU5U_-KMDpNG-iTWg1eo7zAChOayUSks5s-TUPgaJpZM4Q7ErO .

[henriqueandradesilva]

I've run some tests and managed to resolve some accounts already, we're really having problem with location.

[alessio-perugini]

I think instagram updated their spam filter. I've done some tests since yesterday and i can say that if i perfom a new login in my localhost in my house i get a challenge but after i allow the position i can use the api. If i perfom a new login from my server bought some week ago just for tests purpose i got a challenge loop. I think that's because instagram notice that with your phone or 1 of your devices is login in X position and after several minutes/seconds the same account try to login in another different position.

For example if i login with proxy in italy i get endless challenge same with french proxy. I also tried to use fake gps thinking i could let know instagram that i'm currently in the same position of proxy but it doesn't seems to work :C Btw i've also used a proxy in my same country not that far from my current location and also got challenge loop (but that could be because is a free open proxy so it could be corrupted by spammers).

[comradefuzz]

There are same issues in php library https://github.com/mgp25/Instagram-API/issues/1734 Probably it relates to Instagram geoip system malfunction

[XXWGXX]

I have come to this conclusion after days of trial and error.

1. API Login + Self Hosted Script (Home IP) = Success
2. API Login + Server Hosted (Proxy) = Fail
3. Web/App Login + Proxy (Literally any freaking proxy) = Success

I am noticing this pattern again and again with various trials and errors.

Those claiming this to be an spam update - I do not see how it can be one if its avoiding the main spam farms (bot farms) as they all seem to be having no glitch at all.

Plus - my custom script is built to NOT give actions (my bot doesn't like/comment/follow/unfollow/post) - literally nothing. I just scrape likes/comments on a slow speed. I wonder if that classifies as spamming.

Some people are claiming this to be 'gift from heaven'. Haha. Gift for whom? The bot farms are thriving. Panels with 500,000+ Instagram bot profiles are still up and working so freaking PERFECT. Gift from heaven it seems. Haha.

This HAS happened once more an year ago. Exact same situation. It kind of went away after a few days. So lets see.

EDIT - If at all this is a spam filter then it is a poor one. I have never botted my Instagram accounts for 'growth'. I have never automated actions (likes/comments/posts and all). My accounts are 100% hand grown with no 'spammy' activity. My script does nothing but scrape likes/comments and now I am blocked from logging in via API when hosted on a server? Its just not adding up.

[abhikmitra]

+1 Seeing the same issue . It also looks that they are blocking certain IPs. Cause when I do it from my home network it works fine.

[sppmaster]

Updating the API key to version 25 seems that may fix the issue btw

[henriqueandradesilva]

@sppmaster how did you do?

[sppmaster]

@henriqueandradesilva I used a custom online bot. The accounts flagged are working fine on their website (but not on my bot as I didn't updated the key).

[gitadept]

@sppmaster I did many tests with latest key. I have achieved a valid session (can working with private api), but didn't leave checkpoint loop. When I log in from my device, I get "send code to email", and after inserting, challenge repeats again and again...

[sblim0126]

Anyone who can get end point or parameter information about 'challenge required' error?

[sppmaster]

@XXWGXX

[XXWGXX]

@sppmaster Yes?

[sppmaster]

@XXWGXX maybe you can help :)

[XXWGXX]

I've tried with updated API. No luck. I even tried in script 6 digit code submission via API to login directly and that didn't help either. If you have any ideas you'd like to implement that you think would work I'm ready to give them a try and report back on the results. By this point I'm really running out of ideas.

[sppmaster]

Brand new account created from local ISP with proxy from the same country has logged succesfully without checkpoint.

[rafaelwedbiz]

Hi guys, i do not use this api but im facing the same problem, i figured out that if us make verification process and after the last request where us post security_code, the cookie returned is valid and it works, but im trying to figured out the reason why some acc returns cookie that sound like are web cookies and not app cookies.

acc that returns sessionid cookie like it:

sessionid xxxxxxxxxx%3AnzDrKeWH8laSwR%3A13

works!

but acc that returns sessionid cookie like it:

IGSC3a14882d00fb485eb5463328aec303e6fd2f7dd5926f6892de2d18e33ebdf4b3%3ALBeK67j788YorqXSAfJamfhtwGBr8PDU%3A%7B%22_auth_user_id%22%3Axxxxxxxxx%2C%22_auth_user_backend%22%3A%22accounts.backends.CaseInsensitiveModelBackend%22%2C%22_auth_user_hash%22%3A%22%22%2C%22_platform%22%3A4%2C%22_token_ver%22%3A2%2C%22_token%22%3A%221566131001%3A6Xo46ThinJ2ExT5aJlL6jV2mTurshLrT%3A8d576ccb5decb17294f3c0e617540d1743bf9f9ee6a840cc5f79dc9e511d9f19%22%2C%22last_refreshed%22%3A1513078387.4583177567%7D

doesn't work properly at some app endpoints but works at web.

im trying to understand it, someone knows something about it?

[newstarbka]

Hi, I had an error with challenge function. Here my code `var Client = require('instagram-private-api').V1; var device = new Client.Device('my_user_name'); var storage = new Client.CookieFileStorage(__dirname + '/cookies/my_user_name.json');

// And go for login Client.Session.create(device, storage, 'my_user_name', 'my_password') .then(function(session) { // Now you have a session, we can follow / unfollow, anything... // And we want to follow Instagram official profile return [session, Client.Account.searchForUser(session, 'instagram')]
}) .spread(function(session, account) { return Client.Relationship.create(session, account.id); }) .then(function(relationship) { console.log(relationship.params) // {followedBy: ... , following: ... } // Yey, you just followed @instagram }) .catch(Client.Exceptions.CheckpointError, e => { console.log('kkkkkkkk') //Client.Web.Challenge.resolve(e); });`

The result on console screen always return message : "Unhandled rejection RequestError: challenge_required" Someone knows something about it ?

[airfire]

The login issue is now fixed. Instagram reverted the changes applied to the verification system.

[sppmaster]

@newstarbka change proxies to better ones

[newstarbka]

`function challengeMe(error){ return Client.Web.Challenge.resolve(error,'email') .then(function(challenge){ // challenge instanceof Client.Web.Challenge console.log(challenge.type); // can be phone or email // let's assume we got phone if(challenge.type !== 'email') return; //Let's check if we need to submit/change our phone number //return challenge.phone('79876543210') //.then(function(){return challenge}); return challenge.code('578246'); })

    .then(function(challenge){
        // And we got the account confirmed!
        // so let's login again
        console.log('continue login');
        return loginAndFollow(device, storage, user, password);
    })

}

function loginAndFollow(device, storage, user, password) { return Client.Session.create(device, storage, user, password) .then(function(session) { // Now you have a session, we can follow / unfollow, anything... // And we want to follow Instagram official profile return [session, Client.Account.searchForUser(session, 'instagram')]
}) .spread(function(session, account) { console.log('spread'); return Client.Relationship.create(session, account.id); }) }

loginAndFollow(device, storage, user, password) .catch(Client.Exceptions.CheckpointError, function(error){ // Ok now we know that Instagram is asking us to // prove that we are real users return challengeMe(error); }) .then(function(relationship) { console.log(relationship.params) // {followedBy: ... , following: ... } // Yey, you just followed an account });`

I can verify checkpoint OK but when login again and call Relationship that show message "Unhandled rejection AuthenticationError: Login required to process this request"

[alexrmacleod]

@XXWGXX @sagardalal21 @sppmaster

Does it make sense to setProxy after login seems to be working for me.

// And go for login
Client.Session.create(device, storage, user, password)
    .then(function (session) {
        Client.Request.setProxy('http://ip:port/'); // update proxy after login
        // Now you have a session, we can follow / unfollow, anything...
        // And we want to follow Instagram official profile
        return [session, Client.Account.searchForUser(session, user)] // finding id for my current var user 
    })

[pasevin]

Oddly enough, solution by @alexrmacleod worked out for me. I was getting challenged on my remote machine, while working with no problems on my local machine.

After moving proxy set up right after Client.Seesion.create, I have no more issues with getting challenged.

Anyone has an explanation why this works?

[ghost]

Which proxy did you use? I dont really get why a proxy rules this..

[sppmaster]

@itemimg because it helps to get a fresh IP. IG was always strictly with proxies. If you use data center proxies you might be blocked, you have to try changing provider to a non-well know one or try to step up your IP game.

[ghost]

@sppmaster Ahh got you, thanks! So I have to buy a proxy plan, proxy server or sth like this?

[sppmaster]

@itemimg yep

[JonathanMatthey]

@sppmaster @alexrmacleod - thanks for your work on this !

can you recommend any proxies ?

[alexrmacleod]

@JonathanMatthey @sppmaster @itemimg @pasevin @newstarbka @airfire @XXWGXX @sblim0126 @gitadept @comradefuzz @sagardalal21

I assume the challenge loop is due to instagrams geoip spam blocker

1: if you use an ip of a country on the other side of the world from where you last logged in it will result in a challenge loop 2: if you use a proxy ip in the same country or a country very near to you it should be fine and you don't need to setProxy after login 3: http://www.gatherproxy.com/proxylist/country/?c=Hong%20Kong is a good place to get proxies, pick one with high uptime and good response times, I found transparent proxys worked best for me 4: if you really want to step up your ip game buy an raspberrypi 3 install squid3, configure the conf file and go to a friends/ parents house and port forward their router to your squid proxy running on the pi and don't forget to use dynamicdns since isp's usually don't give static ips for home internet use.

here is how I setup my raspberry pi to make my own dedicated proxy if you are curious.

ip addresses for devices on wifi network arp -a

login for deb raspberry os sudo ssh pi@ip (.117 is home ip will change) ssh pi@ip

office address external public ip: xxx.xx.xx.xx:xxxx update blaah.ooguy.com sudo ssh pi@ip (.13 is home ip will change) changed static to sudo ssh pi@1ip external access this works for office when accessing it externally! -p = port ssh -p 22 pi@dynudns.com or ssh -l pi -p 22 ip

config to setup proxy sudo raspi-config sudo apt-get update sudo apt-get install squid3

squid stuff /etc/squid/squid.conf /var/log/squid/access.log sudo nano /etc/squid/squid.conf

in squid.conf unhash

acl localnet src 192.168.0.0/16 or #acl localnet src 10.0.0.0/8

http_access allow localnet

the in squid.conf comment https://stackoverflow.com/questions/10895711/squid-proxy-howto-allow-tcp-connect-getting-tcp-denial-400-with-err-invalid

Deny CONNECT to other than secure SSL ports

http_access deny CONNECT !SSL_ports

http_access allow SSL_ports

and https://stackoverflow.com/questions/36319830/squid-proxy-error-403-tcp-how-to-fix http_access deny all to: http_access allow all

then add https://serverfault.com/questions/102668/remove-x-forwarded-for-header-in-squid-3-0 via off forwarded_for off follow_x_forwarded_for deny all request_header_access X-Forwarded-For deny all header_access X_Forwarded_For deny all

then change port in conf file to whatever you want xxxx 1234 or something http_port 3128

save and

sudo service squid restart sudo tail -f /var/log/squid/access.log

dyne ip update client do this after everything put in dynu.sh https://www.dynu.com/DynamicDNS/IPUpdateClient/RaspberryPi-Dynamic-DNS echo url="https://api.dynu.com/nic/update?username=alemac&password=xxxx" | curl -k -o ~/dynudns/dynu.log -K -

could try this dns org instead of dynu: https://www.dnsdynamic.org/ saw some tutioirals for pi setup online

manually change dynu put in browser https://api.dynu.com/nic/update?hostname=jeremy.ooguy.com&password=xxxx

at boot run for dyne ip update every 5 mins https://askubuntu.com/questions/23009/why-crontab-scripts-are-not-working

crontab -e original /5 ~/dynudns/dynu.sh >/dev/null 2>&1 update /5 /home/pi/dynudns/dynu.sh >/dev/null 2>&1

pi@raspberrypi:~ $ nano dynudns/dynu.log pi@raspberrypi:~ $ nano dynudns/dynu.sh

might have to reboot to make cron run or sudo service cron reload check if working run look for numbers with cmd: pgrep cron

https://www.youtube.com/watch?v=PUGPUYmr4lE actually gets installed as squid not squid3 https://stackoverflow.com/questions/5994907/command-to-restart-squid-proxy-server https://stackoverflow.com/questions/41318597/ssh-connection-refused-on-raspberry-pi https://elinux.org/R-Pi_Troubleshooting#Some_programs_refuse_to_accept_my_password password issue run this: gconftool-2 --type bool --set /apps/gksu/sudo-mode true

file on no extention https://discussions.apple.com/thread/132899

making ip on pi static and more dynamic dns tips https://raspberrypi.stackexchange.com/questions/6757/how-to-use-ssh-out-of-home-network nano /etc/dhcpcd.conf (check bottom https://electrondust.com/2017/11/25/setting-raspberry-pi-wifi-static-ip-raspbian-stretch-lite/) sudo /etc/init.d/networking restart ifconfig (to see if static ip has changed)

[JonathanMatthey]

@alexrmacleod - thanks - proxies worked perfectly !!

Raspberry pi setup looks fun !

i'm traveling right now, hence all these issues with my Instagram App, but once i get back will start tinkering with some hardware - finally put that engineering degree to some use... 👍 👍

[jblewdv]

@alexrmacleod How exactly would you use a proxy found on gatherproxy.com with this API? My app is running on Heroku, not locally. So is there a way to still use these proxies with an app hosted online?

[alexrmacleod]

@JonathanMatthey happy to help :)

@jblewdv pick a proxy in the same country as your Heroku server then, also when you pick your proxy from gatherproxy.com make sure it works by putting it in the browsers url, if it takes you to a default nginx, apache or squid server page or json response, then it might be working. Many proxies on gatherproxy.com might be redundant, so you gotta try a bunch until you find a stable one.

var proxy = '183.179.199.225:8080';
Client.Request.setProxy('http://' + proxy + '/');

// And go for login 
Client.Session.create(device, storage, user, password)
    .then(function (session) {

Or...

Client.Request.setSocks5Proxy('95.110.186.48', 14510); // note this has to be a Socks5 proxy
// And go for login 
Client.Session.create(device, storage, user, password)
    .then(function (session) {

Happy coding!

[shirond]

@alexrmacleod

I am still failing. My server is hosted in amazon while my account has been created in different region. I used a proxy in the same country of my server but that didn't help. Same for proxy which is in the country I used the account from the regular Instagram application. Any idea?

[alexrmacleod]

@shirond try many free proxies or a dedicated proxy one that you have to pay for because free proxies are not reliable and will be flagged as spam because well it's an open public proxy.

What type of challenge is it? text, email or geoip?

[Riyaz7364]

anyone found solution? is anyone tell me how to generate Instagram cookies from java??

[AlexanderProd]

Could anyone get the api to work with an established Instagram account? I've been running it on a aws server and with 2 established accounts (old and have a lot of posts) I've always been getting a challenge loop. But with relatively new one everything worked fine.

[Riyaz7364]

Update your app http://botapk.com/detail/igdoom-free-instagram-auto-followers?id=com.igdoom.comm

On Fri, Mar 8, 2019, 4:21 PM Alexander Hörl notifications@github.com wrote:

Could anyone get the api to work with an established Instagram account? I've been running it on a aws server and with 2 established accounts (old and have a lot of posts) I've always been getting a challenge loop. But with relatively new one everything worked fine.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/dilame/instagram-private-api/issues/394#issuecomment-470887932, or mute the thread https://github.com/notifications/unsubscribe-auth/AM1B85PkGLQTTeccjn2D6XORGFXfKYSjks5vUkDJgaJpZM4Q7ErO .

[yair5124]

When i got checkpoint error message from api, I have passed checkpoint by clicking "This was me" and tried again to call api but no luck. i got following message every time:

{ [RequestError: challenge_required]
  name: 'RequestError',
  message: 'challenge_required',
  json:
   { message: 'challenge_required',
     challenge:
      { url: 'https://i.instagram.com/challenge/5746353294/XiIA0cso5U/',
        api_path: '/challenge/5746353294/XiIA0cso5U/',
        hide_webview_header: true,
        lock: true,
        logout: false,
        native_flow: true },
     status: 'fail',
     error_type: 'checkpoint_challenge_required' } }

We have started getting exactly the same error a few days ago. We are using a proxy server service on the same country of the user.

Users now get a sequence of CheckpointErrors when calling Session.create():

1. The first CheckpointError is pointing to a 'Suspicious Login Attempt' error in Instagram App
2. After resolving it through Instagram App, login retry in the API result in another CheckpointError which is pointing to a location confirmation prompt in Instagram App
3. After resolving the location challenge in Instagram App users are still not able to login through API. They are still getting the same error.

Have anyone else encountered similar issues recently?

We are seeing this issue on latest (0.10.1) and older (0.7.1) versions of this API

[yair5124]

Following @XXWGXX comment we have replaced our proxy server and this solved the issue.

[TheNewAggregator]

Hello everybody,

I'm having a lot of checkpoint problems lately.

If someone has a solution to this, please email me:

My gmail is danielpaixaodp2021@gmail.com

Did you ( @newstarbka , @JonathanMatthey , @pasevin , @comradefuzz , @airfire , @yair5124 , @Riyaz7364 , @AlexanderProd , @alexrmacleod , @shirond , @XXWGXX ) have this kind of problem and fix it?

[elmissouri16]

Hello everybody,

I'm having a lot of checkpoint problems lately.

If someone has a solution to this, please email me:

My gmail is danielpaixaodp2021@gmail.com

Did you ( @newstarbka , @JonathanMatthey , @pasevin , @comradefuzz , @airfire , @yair5124 , @Riyaz7364 , @AlexanderProd , @alexrmacleod , @shirond , @XXWGXX ) have this kind of problem and fix it?

Stop fucking spamming everyone this not how you ask for help

[TheNewAggregator]

Really? Are you being rude to me?

How to do that my friend? Help me so.

Please, be polite.

On Fri, Aug 19, 2022 at 10:00 PM Elmissouri @.***> wrote:

Hello everybody,

I'm having a lot of checkpoint problems lately.

If someone has a solution to this, please email me:

My gmail is @.***

Did you ( @newstarbka https://github.com/newstarbka , @JonathanMatthey https://github.com/JonathanMatthey , @pasevin https://github.com/pasevin , @comradefuzz https://github.com/comradefuzz , @airfire https://github.com/airfire , @yair5124 https://github.com/yair5124 , @Riyaz7364 https://github.com/Riyaz7364 , @AlexanderProd https://github.com/AlexanderProd , @alexrmacleod https://github.com/alexrmacleod , @shirond https://github.com/shirond , @XXWGXX https://github.com/XXWGXX ) have this kind of problem and fix it?

Stop fucking spamming everyone this not how you ask for help

— Reply to this email directly, view it on GitHub https://github.com/dilame/instagram-private-api/issues/394#issuecomment-1221194331, or unsubscribe https://github.com/notifications/unsubscribe-auth/A2QK3L5HSR6EDEQWBGUHFS3V2AU23ANCNFSM4EHMJLHA . You are receiving this because you commented.Message ID: @.***>

[JonathanMatthey]

🍿