Instagram Graph API
Updated Jun 1, 2026
The Instagram Graph API is Meta's official REST API for Business and Creator accounts. It is the endpoint set that every legitimate Instagram automation, scheduling, analytics, or commerce product runs through. The Basic Display API was deprecated in 2024; the Graph API is the only forward-compatible surface.
The major resources: /{ig-user-id}/media for posts and Reels, /{ig-user-id}/conversations and /{ig-user-id}/messages for DMs, /{ig-media-id}/comments for comment read and reply, /{ig-media-id}/insights for per-post analytics (reach, impressions, plays, saves, shares — note video_views was deprecated for non-Reels in Graph v21), and /{ig-user-id}/insights for account-level metrics. Webhooks are subscribed at the app level via /{app-id}/subscriptions.
Access tiers
Every app starts in Development mode with access limited to admins, developers, and test users. Production traffic requires Advanced Access on each permission (instagram_business_basic, instagram_business_manage_messages, instagram_business_manage_comments, instagram_business_content_publish), which is granted through App Review with screen recordings demonstrating the integration. Meta Tech Providers get a streamlined review path.
Error codes worth memorizing
4— Application request limit reached. Re-enqueue with backoff.10— Permission denied or message outside allowed window.190— Invalid OAuth token. Deactivate and prompt re-auth.551— User cannot receive messages right now. Skip, don't retry.613— Rate limit. Honor the rolling window.80007/2534014— Private reply window violations.
Gotchas
Rate limits are computed by business use case, with a baseline of 200 × DAU calls per hour, scaled by engagement. Webhook deliveries are subject to the same back-pressure — bursts get spread across the rolling window. Field permissions are checked per-call, so missing scopes return 200 with a stripped payload, not a 4xx. Always assert on the fields you expected, not on HTTP status alone.
For monetization-specific endpoints, see Branded Content API.
Related terms
API
Instagram Webhook
A signed HTTP POST from Meta to a developer-controlled URL when an event happens on a connected Instagram account — a new comment, message, or mention. The trigger that powers real-time DM automations.
API
Long-Lived Access Token
A 60-day OAuth token Meta issues to apps that need persistent access to an Instagram account. Refreshed before expiry. The token an auto-DM platform stores to call the Graph API on a creator's behalf.
API
Branded Content API
Meta's API for sponsored-content workflows. Lets brands run paid promotions on a creator's organic post, attribute results, and access view-count data without scraping.
Read more