Skip to content

Instagram Client ID

Service Name: Instagram (Meta)

Service Description: Instagram is a social media platform owned by Meta (formerly Facebook) that allows users to share photos and videos. Instagram's API enables developers to build applications that interact with Instagram's features, users, and data.

Service Address: https://developers.facebook.com/docs/instagram-api/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Meta for Developers dashboard under App Settings > Advanced > Security.

Secret Access Scope: Grants access to Instagram API endpoints based on the permissions requested during app creation. Can access user data, post content, retrieve media, and interact with Instagram features depending on the scopes granted.

Secret Revokement URL: https://developers.facebook.com/apps/

Secret Example: 1234567890123456

Suspicious Activity Investigation Instructions:

  • Review the Meta for Developers dashboard for unusual API usage patterns
  • Check the app's activity log for unauthorized access or unexpected API calls
  • Monitor for unexpected changes to app settings or permissions
  • Verify if there are any user complaints about unauthorized posts or actions
  • Review webhook subscription activities if configured

Mitigation Instructions:

  • Log in to the Meta for Developers dashboard at

https://developers.facebook.com/apps/

  • Select the compromised app
  • Navigate to App Settings > Basic
  • Reset the Client Secret by clicking "Reset Secret"
  • Consider creating a new app and migrating legitimate users
  • Review and update app permissions to limit access to only necessary scopes
  • Enable additional security features like App Review
  • Update any IP restrictions in the Advanced Security settings
  • Revoke access tokens for any compromised user accounts
  • Update your application code to use the new credentials