How does Instagram block its private API endpoint for uploading photos?

I am going to create a REST API for the mobile application I'm working on. Like Instagram, I am considering blocking some endpoints so that they can only be accessed from my mobile application (for example, the endpoints of their photo uploads).

Does anyone have an idea of how they blocked certain endpoints just for their application? I assume that a possible solution was to use a shared secret to sign these specific requests and verify it on the server side before processing the download.

+4
1 answer

It looks like they

  • Check the request header for User-Agent == "Instagram"
  • Verify that a valid set of authentication cookies exists.
  • Sign the body of your requests with some kind of hash.

I am not sure how the hash is created.

Check this out for any documentation, but it looks like the authentication section has been muted.

https://github.com/mislav/instagram/wiki

+2
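One way the shared-secret signing idea from the question and the "sign the body" point in the answer could be checked on the server, as an added example that is not part of the original thread and not Instagram's actual scheme (the answer says how their hash is created is unknown). The header names `X-Signature` and `X-Timestamp`, the message layout and the demo secret are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo secret (assumption); a real server would load it from config.
SHARED_SECRET = b"demo-secret-not-a-real-key"
MAX_SKEW_SECONDS = 300  # reject timestamps too old or too far in the future


def sign_request(secret: bytes, method: str, path: str, timestamp: int, body: bytes) -> str:
    """Client side: HMAC-SHA256 over method, path, timestamp and a hash of the body."""
    body_digest = hashlib.sha256(body).hexdigest()
    message = "\n".join([method.upper(), path, str(timestamp), body_digest]).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify_request(secret, method, path, headers, body, now=None, seen=None):
    """Server side: return (ok, reason). `seen` is a set used as a replay cache.

    `headers` is a dict; X-Signature and X-Timestamp are hypothetical header names.
    """
    now = int(time.time()) if now is None else now
    signature = headers.get("X-Signature", "")
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False, "missing or malformed timestamp"
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    # Recompute the signature from what the server actually received.
    expected = sign_request(secret, method, path, timestamp, body)
    # compare_digest avoids leaking the position of the first mismatch via timing.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    # A valid signature seen twice inside the window is a replay.
    if seen is not None:
        if signature in seen:
            return False, "replayed request"
        seen.add(signature)
    return True, "ok"
```

A secret shipped inside a mobile app can be recovered from the app binary, so this check raises the cost of unofficial clients rather than replacing the per-user authentication cookies the answer mentions.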

Source: https://habr.com/ru/post/1441993/

