Authentication

Introduction

Feedframer uses a simple API key authentication system. Each connected Instagram account has its own unique API token that grants access to that account's Instagram data. This approach is intentionally simple because Feedframer serves read-only, publicly-available Instagram content.

API Keys

Obtaining Your API Key

Each connected Instagram account has its own unique API token. To view your API tokens:

1. Log in to your dashboard
2. Navigate to Settings → API Keys
3. Find the Instagram account you want to use
4. Copy that account's API token (64-character hexadecimal string)

API Key Format

API keys are 64-character hexadecimal strings that look like this:

a1b2c3d4e5f6789012345678901234567890abcdefghijklmnopqrstuvwxyz1234

Making Authenticated Requests

Include your API key as a query parameter named api_key in all API requests:

REST API

GET https://feedframer.com/api/v1/me?api_key=YOUR_API_KEY

GraphQL API

POST https://feedframer.com/graphql?api_key=YOUR_API_KEY

Code Examples

cURL

curl 'https://feedframer.com/api/v1/me?api_key=YOUR_API_KEY'

JavaScript (Fetch API)

const apiKey = 'YOUR_API_KEY';
const url = `https://feedframer.com/api/v1/me?api_key=${apiKey}`;

fetch(url)
  .then(response => response.json())
  .then(data => console.log(data))
  .catch(error => console.error('Error:', error));

PHP

<?php

$apiKey = 'YOUR_API_KEY';
$url = "https://feedframer.com/api/v1/me?api_key={$apiKey}";

$response = file_get_contents($url);
$data = json_decode($response, true);

print_r($data);

Python

import requests

api_key = 'YOUR_API_KEY'
url = f'https://feedframer.com/api/v1/me?api_key={api_key}'

response = requests.get(url)
data = response.json()

print(data)

Client-Side Usage

Public API Keys

Feedframer is designed for client-side usage. Your API key can be safely exposed in browser requests because:

• 📱 The API serves publicly-available Instagram data only
• 🔒 Each key only accesses your own connected Instagram accounts
• 🚫 No sensitive or private data is exposed
• ⚡ Client-side requests reduce server load and improve performance

Where to Use Your API Key

✅ Client-Side JavaScript (Recommended)

Perfect for modern web applications:

// React, Vue, vanilla JavaScript - all work great!
const apiKey = 'YOUR_API_KEY';
const url = `https://feedframer.com/api/v1/me?api_key=${apiKey}`;

fetch(url)
  .then(response => response.json())
  .then(data => console.log(data));

✅ Server-Side Code

Also works for server-rendered applications:

// Next.js API Route
export default async function handler(req, res) {
  const apiKey = 'YOUR_API_KEY';
  const response = await fetch(`https://feedframer.com/api/v1/me?api_key=${apiKey}`);
  const data = await response.json();
  res.json(data);
}

✅ Public Repositories

Since the data is public, it's okay to include your API key in:

• Frontend code
• Public GitHub repositories
• Code examples and tutorials
• Demo applications

What Happens If My Key Is Leaked?

If someone obtains your API key, they can:

• ✅ View your public Instagram posts (already public on Instagram)

They cannot:

• ❌ Access private data
• ❌ Modify or delete your Instagram accounts
• ❌ Access other users' data
• ❌ Change your Feedframer settings

If someone abuses your token, disconnect and reconnect the Instagram account to get a new token. Since there are no rate limits, the main concern is unauthorized access to your posts data (which is already public on Instagram).

Managing Your API Keys

Your Instagram account API tokens are automatically generated when you connect an Instagram account to Feedframer. Each token is permanent and tied to that specific Instagram account.

If you need a new API token:

• Disconnect and reconnect the Instagram account to generate a new token
• The old token will be immediately invalidated

Note: Disconnecting an Instagram account will invalidate its API token. All applications using that token will stop working until you reconnect and update to the new token.

Authentication Errors

Missing API Key

Error Response:

{
  "errors": [
    {
      "status": "401",
      "code": "MISSING_API_KEY",
      "title": "Authentication Required",
      "detail": "API key is required. Include it as a query parameter: ?api_key=YOUR_KEY"
    }
  ]
}

Solution: Ensure you're including the api_key query parameter.

Invalid API Key

Error Response:

{
  "errors": [
    {
      "status": "401",
      "code": "INVALID_API_KEY",
      "title": "Authentication Failed",
      "detail": "The provided API key is invalid."
    }
  ]
}

Solution: Verify you're using the correct API key from your settings page.

Rate Limiting

Both Free and Premium tiers have unlimited API requests per month. Feedframer uses edge caching instead of traditional rate limiting to ensure fast performance and fair usage.

See Caching & Performance for details on how caching works.

API Key Permissions

All API tokens have the same permissions:

• ✅ Read Instagram posts for that specific account
• ✅ Read Instagram account information
• ✅ Filter, sort, and paginate data
• ❌ Modify or delete data
• ❌ Access other Instagram accounts
• ❌ Access other users' data

Each API token is scoped to a single Instagram account and can only access data for that account.

Multiple API Keys

Feedframer automatically provides one unique API token for each Instagram account you connect. This means:

• Each Instagram account has its own dedicated API token
• You can have multiple tokens if you connect multiple Instagram accounts (Premium tier)
• Each token only provides access to that specific Instagram account's data
• Different applications can use different tokens for different accounts

CORS and Browser Requests

Feedframer's API fully supports Cross-Origin Resource Sharing (CORS) for browser-based requests. This means you can call the API directly from your frontend JavaScript without any CORS errors.

CORS Support

• ✅ All origins are allowed
• ✅ Works with React, Vue, Angular, vanilla JS
• ✅ No proxy server needed
• ✅ Perfect for JAMstack and static sites

Example: Fetch from any domain

// Works from any website domain
fetch('https://feedframer.com/api/v1/me?api_key=YOUR_KEY')
  .then(res => res.json())
  .then(data => console.log(data));

Testing Authentication

Use the API Playground or GraphQL Explorer in your dashboard to test authentication without writing code. Both tools automatically include your API key in requests.

Next Steps

• REST API Reference - Complete REST API documentation
• GraphQL API Reference - Complete GraphQL documentation
• Caching & Performance - Understand edge caching
• Error Handling - Handle authentication errors