[jeroenhd]

Instagram bot detection works well, too well for tools like these. They'll work for a short while, especially if you only use it yourself, but the API will quickly lie to you ("account does note exist") once they think you're a bot.

Your online demo already shows 404s for accounts I know exist.

I think the only way to get stable access to the API is to take over a device running the official app. I've been considering looking into running Android apps headlessly with Frida hooks for this purpose (should be possible on Linux through Anbox?) exactly because of the annoying not detection frameworks.

All I want is to show the stupid pictures a friend or family member linked me without having to hand over my data to these leeches. I guess that's exactly what their business model is all about, though.

[menzoic]

You don't need to use a device. You can use a User-Agent header to make it look like a real device and use a proxy with an IP that a normal user would use

[jeroenhd]

No, that doesn't work for long enough. It appears to work for a while and then it just breaks. Very basic passive fingerprinting is enough to block something as simple as that.

Sending the right user agent (and other headers) will work for most sites, but in my experience it's not enough for Instagram.

[orsifrancesco]

correct.. this is what the original repo https://github.com/orsifrancesco/instagram-without-api-node does

[orsifrancesco]

correct.. normally the token expires after weeks but.. it expired soon when suddenly thousands of people made requests.. ;) I will fix it