Open jlobos opened 6 years ago
From what I found in their JS
Currently x-instragram-gis is an md5, but it has changed multiple time in the last weeks. Also it's only sent for some endpoints and not for every request. I feel like it's not mandatory but when passed in header it's checked and must be valid
window._sharedData.rhx_gis + ':' + window._sharedData.config.csrf_token + ':' + path
window._sharedData.rhx_gis is an md5 window._sharedData.config.csrf_token is an md5
Problem
rhx_gis
token and csrf_token
change on every request.
So it will be quiet hard for you to generate it
Example for an hashtag
GET /explore/tags/hello/
MD5("5641c11aeb7f211ec1ac05193a687b84:8d509c28896865f8640f328f30f15721:/explore/tags/hello/")
Some endpoints, like this important https://www.instagram.com/zuck/?__a=1 Are not available now, maybe because this header, maybe no. What do you think?
You are right, for the moment I'v listed few endpoints that need that header. I'm not using all endpoints so there is probably more and I'm also not using this library (I use my custom one)
# profil endpoint
- /<username>/
# hashtag endpoint
- /explore/tags/<hashtag>/
# picture endpoint
- /p/<shortcode>
The main issue with this change, is the need of the original gis token, which is present in the initial html payload but not generated. If you delete this value, the web version of instagram actually 403 and then force reload the page :/
any new infos?
Has Instagram changed something again? getUserByUsername
worked yesterday but started failing with 403 today.
getUserByUsername
calculate the x-instagram-gis
window._sharedData.rhx_gis + ':' + path
Example
MD5("5641c11aeb7f211ec1ac05193a687b84:/username/")
https://github.com/jlobos/instagram-web-api/blob/master/lib/index.js#L95-L103
async _getGis(path) {
const { rhx_gis, config: { csrf_token } } =
this._sharedData || (await this._getSharedData(path))
return crypto
.createHash('md5')
.update(`${rhx_gis}:${csrf_token}:${path}`)
.digest('hex')
}
Apparently, they've stopped using the CSRF token for the "gis" hash. I've just tried @WINBIGFOX 's suggestion, and it works.
now i have this error:
Missing token 'user-agent' in CORS header 'Access-Control-Allow-Headers' from CORS preflight channel
my code: `var variables = '{"id":"' + userId + '","first":12,"after":"' + nextId + '"}'; var nextUrl ='https://www.instagram.com/graphql/query/?query_hash=42323d64886122307be10013ad2dcc44&variables=';
nextUrl = nextUrl + variables;
var instagramGis = md5(gis + ":" + variables);
$.ajax({
url: nextUrl,
url: nextUrl,
beforeSend: function(request) {
request.setRequestHeader("user-agent", window.navigator.userAgent);
request.setRequestHeader("x-instagram-gis", instagramGis);
request.setRequestHeader("X-CSRFToken", csrfToken);
},
type: 'GET',
success: function(data){
media = data.data.user.edge_owner_to_timeline_media;
nodes = media.edges;
nextId = media.page_info.end_cursor;
var newMediaFromNode = getMediaFromNodes(nodes, false);
$.each(newMediaFromNode, function(index, element){
finalMedia.push(element);
});
},
error: function (xhr, status, error) {
alert(error);
},
async : false
});`
any idea how to fix it?
there are so much new info about new headers. When the lib will be fixed? Because I use this API in my final project and this makes me mad, because I can't develop it more =(
@tresdosdos Does your project use the version from npm or the latest master branch? The master branch works fine currently but I don't think the changes have been published to npm yet. In order to use it you need to install it like this:
npm install jlobos/instagram-web-api
Thanks so much
сб, 21 апр. 2018 г., 8:30 Ivaylo Stoyanov notifications@github.com:
@tresdosdos https://github.com/tresdosdos Does your project use the version from npm or the latest master branch? The master branch works fine currently but I don't think the changes have been published to npm yet. In order to use it you need to install it like this:
npm install jlobos/instagram-web-api
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jlobos/instagram-web-api/issues/30#issuecomment-383269179, or mute the thread https://github.com/notifications/unsubscribe-auth/AinH5ZQ0oNi5wO8H169mVYZxUEjp1hhKks5tqsP6gaJpZM4TRDvg .
[edit: delete]
seem its not work anymore
New header of authentication