84 comments

  • nkozyra 2 years ago ago

    > Many companies and tools are built on and rely on this API for their product & daily operations.

    Hopefully not their entire product. The first rule is don't build your company on the back of another, but I think the most important part is that if you do use another company, make sure you're fine if they disappear one day.

    The last time Facebook made major changes (ostensibly as a response to the Cambridge Analytica stuff, but that was just an excuse) a bunch of people got burned.

    My company did too but we always kept ourselves in a place where if it vanished we'd be - at worst - inconvenienced.

    This approach came because early on I was burned by Twitter changes that were more impactful.

    Most recent Twitter changes prove that even paying for access provides no guarantees.

    • i386 2 years ago ago

      this is easy to say as a comment on HN but unavoidable to a large degree for businesses in the marketing and social media space.

      • dylan604 2 years ago ago

        you play in the mud, you're going to get dirty. if your entire marketing company focuses on social, then why that doesn't fall into "all eggs, one basket" concept is beyond me. Sure, it's much easier to get a company rolling when you have to do nothing but use the product of someone else as the core of your business, but why that's not an immediate red flag to someone in that position is something i just don't understand.

        • BoorishBears 2 years ago ago

          This has got to be the most platitudes I've ever seen stuffed in a single comment... I almost want to say it's satire.

          But yeah, there's a lot of real valuable businesses built on existential risks. We're currently getting a reminder that our banking system puts all its eggs in the idea not too many people will ask for money at the same time.

          Optimizing for black swan events is just generally not good business.

        • lozenge 2 years ago ago

          Marketers and customer service need to be able to manage their social accounts, that's a product space which inherently relies on API access to those website. Maybe you wouldn't want to build that product, but clearly somebody will.

          • gloosx 2 years ago ago

            Could you just use API's IG app uses itself to manage accounts? And scrape the data you need with GET requests behind a proxy list? Before any public APIs everybody was doing it, is it any hard these days to fall back to regular user API instead of some fancy regulated 'developer-only' API?

            • altdataseller 2 years ago ago

              Its all rate limited. Inpossible to scrape

              • gloosx 2 years ago ago

                Rate limited for what? Totally possible to buy 1000 SOCKS5 proxies for cheap, what's the deal with the limit?

                • altdataseller 2 years ago ago

                  They block datacenter IPs. Yiu need residential IPs.

                  • gloosx 2 years ago ago

                    I'm pretty sure rate-limiting or blocking something using IP is not robust at all (except you wanna protect from teenagers?)

                    IP proxies are sold for cheap en masse, datacenter, residential, regional, whatever filter you like.

                    • altdataseller 2 years ago ago

                      Have you even attempted to scrape Instagram? You're just throwing hypotheticals at me, but the reality is different if you even attempted to do it.

                      • gloosx 2 years ago ago

                        I'm pretty sure because I scraped a lot of stuff, maybe not Instagram but I don't see how it's any different. Reality of protocols is quite stable, and as long as you can send HTTP requests to Instagram servers and get documents back, you can find a way to scale it.

                        • altdataseller 2 years ago ago

                          Again, do it first, then talk. Everything you're saying is pure theory, which holds no substance here. Do it, then talk.

        • helsinkiandrew 2 years ago ago

          Sorry that’s nonsense. Companies spend hundreds of billions of dollars on FB and IG marketing (presumably because they see a benefit) and are willing to pay companies to help them do it.

          Many companies large and small rely on getting most of their business from a single entity, whether that’s the US military, Ford, or contractors working at a local company.

          No business opportunity will last forever

          • 1attice 2 years ago ago

            > No business opportunity will last forever

            Typically, one tries (if one can) to build a business larger than a single opportunity.

            • altdataseller 2 years ago ago

              Of course, that doesnt need to be said. But tell that to the entrepreneurs that sold businesses that rely on another platform for millions of dollars. If they listened to your advice, they would probably be nowhere as wealthy

      • Waterluvian 2 years ago ago

        Yeah, I don’t think it’s right to say “never try.” It’s more, “never lose sight at how brittle your business is. The other company owes you nothing if it’s not written in a contract. You aren’t a victim when it breaks your business.”

      • LadyCailin 2 years ago ago

        Part of these types of businesses is accepting that risk then, and knowing that despite doing everything right, your business may be unceremoniously shut down because of some PM’s whim. I wouldn’t want to be in that kind of position, but I guess more power to those that do.

      • nkozyra 2 years ago ago

        Well these are riskier businesses to start for this reason.

        I did cage it by saying make sure your whole company doesn't collapse if one API gets shut down.

      • uoaei 2 years ago ago

        That is a risk of doing business. If they don't anticipate this kind of thing and build contingencies around it, they are simply bad at business.

        "Free market for thee, but not for me" is not a strong argument in any context.

        • i386 2 years ago ago

          Risk without risk mitigation is just bad business.

          • BoorishBears 2 years ago ago

            You don't understand risk or business if you think a good business mitigates all risks, or even its largest risks.

            The biggest risk for a medical company is harming patients. Do they just throw up their hands and stop being a medical company?

            The biggest risk for social media firm is the social media they serve through goes down. So what, they throw up their hands and stop being a social media firm?

            • ipaddr 2 years ago ago

              The biggest risk is losing all money and going out of business. Harming patiences are a cost.

            • i386 2 years ago ago

              Absolutely not what I am saying, please read up.

    • WA 2 years ago ago

      I have the same attitude and it is severely restricting my creativity. While I think "don’t build on other peoples APIs", others just launched many tools built on top of Instagram, OpenAI, Twitter and whatnot.

      By now I feel like it’s better to build on top of an API, be aware that it might go away one day but make money while it lasts, which can be many years.

    • princevegeta89 2 years ago ago

      Sorry but APIs aren't meant to be broken at anytime. That's what they are for. That is the unwritten part of the so called contracts/agreements.

      I do not understand how the idea of not building a company on the back of another is possible. We rely on other companies for deployments, hosting, reporting, monitoring, payments, billing and security etc. Some may be less critical than others but how can you avoid your reliance on other companies at all?

      • brookst 2 years ago ago

        It’s about diversification. Don’t build a company entirely dependent on a single other company that can’t be replaced.

        If your payment provider stops offering payments, it’s annoying but not existential. If your whole business is reselling a single artist and they die or switch to a different gallery, you’re done.

      • kaetemi 2 years ago ago

        Ensure you have a backup supplier that you can switch to.

        • j45 2 years ago ago

          Very true. It’s a small but very helpful act of looking out for your future self to generalize access to APIs or multiple providers in your codebase via your own concept of accessing a list of service providers can be easily swapped out or added to.

      • marpstar 2 years ago ago

        GP's advice generally applies when talking about integrating with a third party API to provide data as a "input" to your business. The things you listed (deployment, hosting, monitoring...) are all after-the-fact concerns, and are generally interchangeable in a way that the API output schema (or systems uptime) for a particular service is not.

    • paulddraper 2 years ago ago

      > The first rule is don't build your company on the back of another

      What's the over-under on # of companies built on AWS?

    • omk 2 years ago ago

      True. The Twitpic story comes to mind.

  • i386 2 years ago ago

    My startup is a consumer of the Graph API for Instagram (OP appears to be using Dispay API). We have about 1000 loc that just deal with weird user specific bugs in their API and it’s impossible to give feedback about it to anyone at Meta.

    OP - is there a way to contact you? Drop me a DM on ig Instagram.com/i386 I may be able to help with a workaround

  • barbazoo 2 years ago ago

    Not sure if they fixed it yet but starting a month or so ago FB disabled creating test users which broke our release process in one corner of the org. Same thing you mentioned, lots of bug reports, no response other than boilerplate 1st level support.

    I don't mind it though, long term that's good news as it'll let us remove any dependencies we have on FB.

  • s1k3s 2 years ago ago

    I mean, Meta's developer terms literally say you agree they can take your product at any time and turn it in their own product without prior notification. And that's on top of "we can change anything, we can cut out your access at any time" etc. So yeah, do you really expect anything from these companies? Don't make your product rely on them.

  • mjdowney 2 years ago ago

    There is nothing more frustrating than a status page that lies about the state of an API. Feels like insult + injury. I'd rather they not even have a status page!

    • xwdv 2 years ago ago

      Unfortunately almost all status pages are for gaslighting purposes when things get really bad.

      Easier to tell a developer they’re crazy and their code was wrong than to admit to downtime and violate any SLAs.

    • reustle 2 years ago ago

      There have been various attempts to create status pages that aren’t controlled by the companies they are watching. Not sure which are the most popular now.

  • egberts1 2 years ago ago

    Meta (Facebook/Instagram) must have not taken the Twitter route during their mass layoffs.

    You cut non-essential folks firstly and critical operational personnel lastly.

    • cldellow 2 years ago ago

      I gather you haven't tried to use the Twitter Ads API lately. :) This is literally an API that makes it easier for people to give money to Twitter. And yet it's seemingly abandoned since the Musk takeover, with the old documentation taken down and the support forums ignored.

      • egberts1 2 years ago ago

        Is it still in Elon Musk's business model, perhaps that's what he wanted.

    • blululu 2 years ago ago

      They probably tried to do that but without a complete understanding of who does what exactly. Imagine a clueless manager lists out who on their team does what. Imagine the clueless manager got canned and now someone one or two steps removed needs to assess who does what. You don’t get to a layoff by being a well managed org, so you typically don’t execute the layoff very well.

    • femiagbabiaka 2 years ago ago

      Twitter didn’t take that route either.

    • kleinsch 2 years ago ago

      Nice snark, but layoffs in Nov were primarily business, most recent round doesn’t actually start in tech until April.

    • paxys 2 years ago ago

      You are right the Twitter API is so usable right now..

  • Arbortheus 2 years ago ago

    GET for creating access tokens seems like the incorrect request type.

    • dbalatero 2 years ago ago
    • i386 2 years ago ago

      Welcome to Meta API

    • contravariant 2 years ago ago

      Using GET to request a resource, kind of makes sense. Usually you want to send some information to the endpoint as well though, which makes a GET a bit awkward.

      • jeroenhd 2 years ago ago

        GET should be idempotent, so if the request is repeated by the browser/a proxy/a user hitting F5, it should not matter. This is why some websites with inadequate password reset email links don't work if your company/ISP/email provider implements link scanning, as the automated service already clicked the super secret one-time link (and if the website is following the spec, that should be totally fine).

        As long as the GET requests returns the same or equivalent API data every time they make total sense. For an access token, that's perfectly fine, assuming they don't generate a new token with every request of course.

  • reddec 2 years ago ago

    Did you try POST (regardless of docs)?

  • Traubenfuchs 2 years ago ago

    It‘s calming to see that even big tech is unable to properly manage their APIs including completely useless error massages and communication silence.

  • turnsout 2 years ago ago

    I really hope more users discover Pixelfed. As a developer, it was so easy to work with (99% people of the time just treat it like the Mastodon API).

    • zimpenfish 2 years ago ago

      I'm hoping that someone makes a Pixelfed-alike with a sane stack like Elixir or Go. The installation guide is just a bit too long and faffy for me right now.

      • turnsout 2 years ago ago

        If enough people show up, that will happen, just like it has with Mastodon

  • helsinkiandrew 2 years ago ago

    Saw this a few months ago (strangely it seems ok for us at the moment) With no response or acceptance there was a problem from FB it started working 2 weeks later.

    If your users are professional/business you should be using the graph API - this is much better supported/tested. To me the display/basic API feels like something that isn’t that integral to FB and could be dropped at any time.

  • Animats 2 years ago ago

    Your problems mean nothing to us, puny startups!

  • twodave 2 years ago ago

    Status pages aren’t for providing transparency or customer service or anything else besides enforcing contracts.

  • jurassic 2 years ago ago

    I feel like “thing broken, status page green” has almost become a meme at this point. We need to do better here.

  • xkcd1963 2 years ago ago

    They created a complete mess. One would think such a high prestige employer would employ competent managers and software developers, but that does clearly not translate to what they produce. Lots of words, little deeds. And then they decide to lay off people and it apparently makes it only worse.

  • fsckboy 2 years ago ago

    I'll try to give different advice from what I see here: if you build your company on Istagram's API, make sure the network effects of your product encourage use of Instagram and that use benefits its owners; then they won't want your access to go away.

  • luxuryballs 2 years ago ago

    The FBI must have warned them about some upcoming Russian propaganda /s

  • benguild 2 years ago ago

    Instagram’s API tokens constantly expire for me regardless of whether they’re supposed to be “long-lived” or not. They last like 90 days which is super annoying.

    • i386 2 years ago ago

      You need to keep using the tokens for them to remain valid. Have a daily job that fetches the users basic profile info like /accounts/me to keep them valid

      • mrloop 2 years ago ago

        I'm building an integration that will use a long lived token once a month. In your experience will a long lived token expiry if not used for a month? How long do they remain valid until expiring from not being used?

        • i386 2 years ago ago

          About three months for long lived tokens in my experience. My recommendation would be to use them weekly.

  • greatjack613 2 years ago ago

    Did you double check that other people are having this issue? Seems very likely that this could be something affecting just your access key or something like that

  • gregjor 2 years ago ago

    Good news, like shutting off a leaky sewer pipe.

    • unxdfa 2 years ago ago

      That’s the best description I’ve heard for instagram.

      • adhesive_wombat 2 years ago ago

        Not really, since it implies the "leak" is unintentional.

  • VWWHFSfQ 2 years ago ago

    > Many companies and tools are built on and rely on this API for their product & daily operations.

    Will you people ever learn.

  • 0xfacfac 2 years ago ago

    lol Did Elon acquire Instagram too?

  • 360macky 2 years ago ago

    Oh that's awful. I'm developing my first app with Instagram Display API.

  • Graphguy 2 years ago ago

    Status page seems updated now.

  • the_gipsy 2 years ago ago

    Ooh, did someone get addicted to crack? mocks tears

    Don't build on platforms, build on protocols.

  • meghan_rain 2 years ago ago

    Well, did you try a POST?

  • moneywoes 2 years ago ago

    Is it only your product?

  • mangotab 2 years ago ago

    [dead]

  • pacifika 2 years ago ago

    [flagged]

  • hislaziness 2 years ago ago

    Impact of the layoffs?

  • jeroenhd 2 years ago ago

    I don't know what you've already checked, but the lowercase `get` in the error message seems suspicious. Are you sure you're sending a `GET` and not a `get`? HTTP verbs are case sensitive, after all.