So I got the error {"meta": {"error_type": "OAuthAccessTokenException", "code": 400, "error_message": "The access_token provided is invalid."}} when trying to build an Instagram feed on a website using sandboxed users.
Turns out I missed a line in the documentation.
I was trying to access the API using a string looking like this
https://api.instagram.com/v1/users/self/media/recent?access_token=22a7748014dd4a66b0dc275342787661
The code 22a7748014dd4a66b0dc275342787661 was the access code I got from running the oauth/authorize url stated in the Instagram documentation
https://api.instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=http://localhost/&response_type=code
This was of course correct if I was trying to build an app requiring me to be out of the sandbox. Take note of the last part of the url, response_type=code. What we where looking for was an access token and not the code.
Changing the last parameter to token resulted in this url
https://api.instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=http://localhost&response_type=token
And I got the correct access back enabling me to fetch the latest 20 posts from the feed.
https://api.instagram.com/v1/users/self/media/recent?access_token=3114216156.42bf23b.22a7748014dd4a66b0dc275342787661
Note the difference of the access_tokens in the urls.
Cheers
