Laravel integrate with Instagram API after October 2019
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
Bridging the Gap: Integrating Laravel with the Instagram API Post-2019
The landscape of social media APIs is constantly evolving, driven by policy changes from platforms like Facebook and Instagram. For developers building applications on Laravel, keeping up with these shifts—especially around authentication and data access—is crucial for maintaining a robust and compliant system. Since October 2019, there has been a significant pivot, forcing developers to adapt their integration strategies away from older methods (like the deprecated Socialite providers) toward newer standards, primarily the Instagram Basic Display API.
This post will walk you through the technical strategy for integrating Laravel with the Instagram API, focusing on how to securely handle user authorization and retrieve the necessary data to achieve your goal: verifying photo uploads based on hashtags before allowing users to join a campaign.
The Evolution of Instagram API Access
The shift in access methods is fundamentally about security and privacy. Older methods often required complex setup or relied on deprecated flows. Now, accessing Instagram data requires adherence to OAuth 2.0 protocols, managed through Facebook's developer framework. For applications that need user interaction (like posting or checking profile information), the Instagram Basic Display API provides a streamlined way to access basic user profile information and media.
When integrating this into a Laravel application, we must treat the process not just as an API call, but as a secure OAuth flow managed by your backend. Relying solely on client-side flows is insecure; all token exchanges and sensitive data handling must occur server-side within Laravel. This is where the power of Laravel's Eloquent ORM and robust controller structure shines in managing these complex interactions.
Laravel Strategy: Implementing Secure OAuth Flow
To achieve your goal—authenticating users and verifying photo conditions—you cannot simply make direct API calls. You need a structured token management system.
Step 1: Setting Up the Authorization (The OAuth Dance)
The first step involves redirecting the user to Facebook/Instagram for authorization. Upon successful authorization, Facebook returns an authorization code, which you must exchange for an actual Access Token. This process is initiated by your Laravel application.
In a typical Laravel setup, you would use a package or custom logic within your controller to handle this redirection and token retrieval. While dedicated packages exist, understanding the underlying mechanism is key, especially when dealing with specific scopes required by Instagram.
Step 2: Token Storage and Refresh
Once you receive the Access Token, the most critical step is secure storage. Never store raw tokens directly in the database without encryption. Use Laravel's encryption features or dedicated encrypted columns to store the token associated with your User model. Furthermore, plan for token expiration and refresh mechanisms, as OAuth tokens have limited lifespans.
A well-structured application, much like the architecture promoted by laravelcompany.com, emphasizes clean separation of concerns. You should abstract the complex HTTP requests away from your core business logic. This is perfect for creating a dedicated Service Class in Laravel responsible solely for interacting with the external Instagram API endpoints.
Step 3: Checking Photo and Hashtag Conditions
Once you have a valid, scoped Access Token, your backend can use this token to make authenticated calls to the Instagram Basic Display API endpoints. For instance, you would query the media endpoint, filtering by specific hashtags or checking if media associated with the user meets certain criteria.
Here is a conceptual example of how a service method might look in a Laravel service class:
// app/Services/InstagramService.php
use Illuminate\Support\Facades\Http;
class InstagramService
{
protected $accessToken;
public function __construct(string $accessToken)
{
$this->accessToken = $accessToken;
}
public function checkPhotoForHashtag(string $userId, string $hashtag)
{
// Example endpoint for media retrieval (actual structure depends on current API documentation)
$response = Http::withToken($this->accessToken)
->get("instagram_media/$userId") // Hypothetical endpoint
->json();
if ($response && $response['data']) {
foreach ($response['data'] as $media) {
// In a real scenario, you would inspect media details for associated captions/tags.
if (str_contains($media['caption'], $hashtag)) {
return true; // User has uploaded the required photo with the hashtag
}
}
}
return false;
}
}
Conclusion
Integrating third-party APIs like Instagram requires a disciplined, security-first approach. By leveraging Laravel's structure—separating concerns into controllers, models, and dedicated service classes—you can manage the complexities of OAuth flows and token management effectively. Focus on secure storage, scope management, and abstracting external API calls into dedicated services. This ensures your application remains scalable, maintainable, and compliant as social media policies continue to evolve.