SwiftyInsta : Instagram Unofficial Private API Swift

Instagram offers two kinds of APIs to developers. The Instagram API Platform (extremely limited in functionality and close to being discontinued), and the Instagram Graph API for Business and Creator accounts only.

However, Instagram apps rely on a third type of API, the so-called Private API or Unofficial API, and SwiftyInsta is an iOS, macOS, tvOS and watchOS client for them, written entirely in Swift. You can try and create a better Instagram experience for your users, or write bots for automating different tasks.

These Private API require no token or app registration but they’re not authorized by Instagram for external use. Use this at your own risk.

Installation

Swift Package Manager (Xcode 11 and above)

  • Select File/Swift Packages/Add Package Dependency from the menu.
  • Paste https://github.com/TheM4hd1/SwiftyInsta.git.
  • Follow the steps.

CocoaPods

CocoaPods is a dependency manager for Cocoa projects. You can install it with the following command:

$ gem install cocoapods

To integrate SwiftyInsta into your Xcode project using CocoaPods, specify it in your Podfile:

use_frameworks!

target ‘<Your Target Name>’ do
pod ‘SwiftyInsta’, ‘~> 2.0’
end

Then, run the following command:

$ pod install

SwiftyInsta depends on CryptoSwift and keychain-swift.

Login

Credentials

// these need to be strong references.
self.credentials = Credentials(username: /* username */, password: /* password */, verifyBy: .text)
self.handler = APIHandler()
handler.authenticate(with: .user(credentials)) {
    switch $0 {
    case .success(let response, _):
        print("Login successful.")
        // persist cache safely in the keychain for logging in again in the future.
        guard let key = response.persist() else { return print("`Authentication.Response` could not be persisted.") }
        // store the `key` wherever you want, so you can access the `Authentication.Response` later.
        // `UserDefaults` is just an example.
        UserDefaults.standard.set(key, forKey: "current.account")
        UserDefaults.standard.synchronize()
    case .failure(let error):
        if error.requiresInstagramCode {
            /* update interface to ask for code */        } else {
            /* notify the user */        }
    }
}

Once the user has typed the two factor authentication code or challenge code, you simply do

self.credentials.code = /* the code */

And the completionHandler in the previous authenticate(with: completionHandler:) will automatically catch the response.

LoginWebViewController (>= iOS 12 only)

let login = LoginWebViewController { controller, result in
    controller.dismiss(animated: true, completion: nil)
    // deal with authentication response.
    guard let (response, _) = try? result.get() else { return print("Login failed.") }
    print("Login successful.")
    // persist cache safely in the keychain for logging in again in the future.
    guard let key = response.persist() else { return print("`Authentication.Response` could not be persisted.") }
    // store the `key` wherever you want, so you can access the `Authentication.Response` later.
    // `UserDefaults` is just an example.
    UserDefaults.standard.set(key, forKey: "current.account")
    UserDefaults.standard.synchronize()
}
if #available(iOS 13, *) {
    present(login, animated: true, completion: nil) // just swipe down to dismiss.
} else {
    present(UINavigationController(rootViewController: login),  // already adds a `Cancel` button to dismiss it.
            animated: true,
            completion: nil)
}

Or implement your own custom UIViewController using LoginWebView, and pass it to an APIHandler authenticate method using .webView(/* your login web view */).

Authentication.Response

If you’ve already persisted a user’s Authentication.Response:

// recover the `key` returned by `Authentication.Response.persist()`.
// in our example, we stored it in `UserDefaults`.
guard let key = UserDefaults.standard.string(forKey: "current.account") else { return print("`key` not found.") }
// recover the safely persisted `Authentication.Response`.
guard let cache = Authentication.Response.persisted(with: key) else { return print("`Authentication.Response` not found.") }
// log in.
let handler = APIHandler()
handler.authenticate(with: .cache(cache)) { _ in
    /* do something here */}

Usage

All endpoints are easily accessible from your APIHandler instance.

let handler: APIHandler = /* a valid, authenticated handler */// for instance you can…
// …fetch your inbox.
handler.messages.inbox(with: .init(maxPagesToLoad: .max),
                       updateHandler: nil,
                       completionHandler: { _, _ in /* do something */ })
// …fetch all your followers.
handler.users.following(user: .me,
                        with: .init(maxPagesToLoad: .max),
                        updateHandler: nil,
                        completionHandler: { _, _ in /* do something */ })

Futhermore, responses now display every single value contained in the JSON file returned by the API: just access any ParsedResponse rawResponse and start browsing, or stick with the suggested accessories (e.g. User‘s username, name, etc. and Media‘s aspectRatio, takenAt, content, etc.).

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago