Instagram-private-api: How to deal with `feedback_required` ?

Created on 10 Sep 2017  Â·  61Comments  Â·  Source: dilame/instagram-private-api

Sometimes I got a payload like this :

{
"json":{
"message":"feedback_required",
"spam":true,
"feedback_title":"Sorry, this feature isn't available right now",
"feedback_message":"An error occurred while processing this request. Please try again later. We restrict certain content and actions to protect our community. Tell us if you think we made a mistake.",
"feedback_url":"repute/report_problem/instagram_like_add/",
"feedback_appeal_label":"Report problem",
"feedback_ignore_label":"OK",
"feedback_action":"report_problem",
"status":"fail"
},
"name":"ActionSpamError",
"message":"This action was disabled due to block from instagram!"
}

The only way of getting out of this is to "Report problem" because it's really not a spam... but I don't see where we can do that through this library.
Thanks for helping !

Most helpful comment

Did someone find a solution?

All 61 comments

Same here. Having the issue since few days on 1-2 accounts and now seems that IG updated their system. Is there something that we can do while we wait for an IG update or from who maintain the repo?

There is no way to resolve it with module. It's IG block. Just pause this action for 24 hours.

Yep, if IG changes the endpoints, will the library updated?

Sure. But it doesn't look like they changed it for now :)

No endpoint changed, but when it happens on a real device and I click "report a problem", I can directly like again because it's really a mistake from instagram. There is no way to achieve that ? or to add that in the library ?

Then we have to wait IG. I'm into several IG discussion groups and all the bots died today (liking/commenting).

Do you have link to discussions ?

Nope but that happened.

I heard that refreshing proxies (if used) might resolve. I don't really believe that theory btw.

Today an IG update was rolled on the App Store and it's pretty heavy, so maybe there is the fix (?)

Well, last Insta version has this request body.

If liking from photo view:

{
    "media_id":"1600809097966712359_4327427528",
    "module_name":"photo_view",
    "user_id":"6028593528",
    "_uid":"2503871596"
}

Liking from feed:

{
    "media_id":"1600809097966712359_4327427528",
    "module_name":"feed_timeline",
    "_uid":"2503871596"
}

And this is our module body:

{
    media_id: "1600809097966712359_4327427528",
    src: "profile"
}

Probably we'l need to improve our module and try it :)

Fiddler like archive

@IvanMMM I've looked into this yesterday. In this request IG uses signature key version 5. Our current version is 4.

If you need any help let me know :)

EDIT: Seems that few bots was been updated successfully.

is someone working on it or need help ?

Yes, we need help, because we have no time to learn it :)

Is just the retrive of the new API key a solution? I might find out how to retrive it and send it to you or if you tell me what we have to do I can forward to my IT team :)

Yeah, just this need to be done or there something else too?

@sppmaster, we got new key, thx to @mme76. And we can sniff iPhone traffic, so that's a good start already. Problem is this new private key is from Android app and there could be difference between IOS and Android versions. Anyway, we are about to know it soon :)
It will be great if you can do SSL unpinning for android app.

On iPhone I should find a JB iPhone I guess, as there isn't a Developer mode into. Will forward your request (It will be great if you can do SSL unpinning for android app.) to my team

No need to unpin in iOS. Just android.
Check this. Got a key by this method.

Still having the issue btw

so do i

Are you feeding the APIs directly with the ID of the media?

same problem.
my code has worked since last year, but now has stopped working.
it was a post request to https://i.instagram.com/api/v1/media/{medi_pk}/like with a json dictionary like this:
var dic = new Dictionary<string, string>
{
{"_uuid", a new guid },
{"_uid", myself insta username },
{"_csrftoken", csrftoken },
{"media_id" , the pk of the media }
};
then encode sha-256 and migrating by same old signature key.
i think we should use a new signature key... but how?

Isn’t the new key updated just b updating the library itself?

Il giorno 29 set 2017, alle ore 16:12, Masoud Chegeni notifications@github.com ha scritto:

same problem.
my code has worked since last year, but now has stopped working.
it was a post request to https://i.instagram.com/api/v1/media/{medi_pk}/like with a json dictionary like this:
var dic = new Dictionary
{
{"_uuid", a new guid },
{"_uid", myself insta username },
{"_csrftoken", csrftoken },
{"media_id" , the pk of the media }
};
then encode sha-256 and migrating by same old signature key.
i think we should use a new signature key... but how?

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/huttarichard/instagram-private-api/issues/330#issuecomment-333137491, or mute the thread https://github.com/notifications/unsubscribe-auth/AQ01fjioL2Ez50UpciWSMTEeVq5ebVnVks5snPrcgaJpZM4PSQZO.

No... The new key doesn't fix the problem at all...
I still got this issue

@sppmaster
i don't use any library. i wrote all of the code from the first. so the signature key is hard coded in my application.
How can i generate a new signature key...?

The issue is certainly related to the change that @IvanMMM notified previously

A few important points:

1) the iPhone version and the Android version use slightly different endpoint syntaxes and a different signature version (5 vs 4). This has been the case for a long time. We can't use iPhone captures to emulate Android behavior

2) Any changes in the endpoint syntax must match exactly the specific app version, User Agent string and key version. We can't simply use a new key and the old syntax or viceversa

3) the real apps constantly post analytics and stats about user behavior, that we (or any of the 3rd party APIs) don't emulate

4) as we all noticed, around 9/8 Instagram lowered their limits, in addition to getting better at detecting automated behavior, proxies from public cloud providers, aggressively blocking IPs and so on...

On Sep 29, 2017, at 11:15 AM, Jean-Yves DELMOTTE notifications@github.com wrote:

The issue is certainly related to the change that @IvanMMM notified previously

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

I'm not familiar with this api but i had the same problem and i have almost solved it . If you get the error message on your first like this is not the reason but if you can like some medias then the error happens the problem is probably with "module" . When you like an image/video/media you need to send a "module" name ( or the page that you found and liked that media from )

Liking/commeting an stranger photo/video/media module would be "photo_view_profile" or "video_view_profile" or "comments_photo_view_profile" . Every different page/media_type has different moudle name . You also need to pass extra data for some modules

This "module" thing has been added to many endpoints . For example when you request a user data by pk you should pass a request containing where you found that user from ( /api/v1/users/xxxxxx/info/?from_module=self_follower )

Half of my accounts are limited again .
This error is killing me

@IvanMMM any progress with module_name? Need any help?

Hi @dimasusername, I need some help. You solve this problem? the module helps me, but the problem persists in some accounts.

Does anyone got updates?
I've seen that is pretty random. Sometimes it says "Feedback_required" and sometimes after few seconds/minutes/hours it works.

There are also some new custom headers
I've added module and custom headers to my api but the problem still exists

@dimasusername Hi . Did you solve this problem? I'm even downloading the image before liking ( since you can't double-tap any image before it's loaded ) but most of my accounts still get this error

@moosbat How many accounts? Are you using proxies?

@ibrunotome About 400 . Yes and i've tested 4-5 proxy providers . Even residental proxies . It's an API issue

I'm switching proxy providers too but still get the issue. Just a note: I get ActionSpamError if I use the account also for following/commenting and other stuff. By just liking they works pretty fine.

If I follow/like/comment I get ActionSpamError with APIs but not from the app itself.

I don't know why but today, with my proxies (the old ones) I have an higher results. Before 60/100 were liking, today 80-90/100, does something changed at your end?

I can like up to 1k photos on some accounts but after some days the errors happens and i have to slow down for a while . This error happened for a few days 3 month ago then went away for a month and accounts started to get banned and now it is back again . They might be trying to detect bots so be careful with like untill you know what is wrong . I'm pretty sure it is an api issue even tho i'm watching the traffic from my phone and i'm doing exact same thing on my bot

@moosbat Is to much ask you a resume of "exact same thing on my bot" ?, I'm just doing what you said about pass the modules.

I would share my code if it could be any help to this issue but since i'm having this problem with most of my accounts i rather not share my bot strategy or codes . But i can send you a Charles session of latest Instagram android app activities so you can see what original application is doing

I would appreciate that, I'm just using the Api, but will start to study more deep into it because this errors.

this happen with me when i use a proxy even if its private and new one, so its kinda instagram detecting proxies and dont allow using them, i advice everyone who is looking to create like rounds with proxies to use telegram bots

@IvanMMM how do track the ios endpoints without unpinning? here the requests are encrypted.

Still no news?

@MMrR0b0TT download cracked ipa from 4pda and upload it to device via Impactor. And you will be able to see requests with charles(don't forget to add charles cert to your device)

Still no news?

@alex-yatsenko-sas I didn't find it on 4pda, could help me finding a Iphone5s cracked version?
thanks

Woah. That's a huge topic now :)
Well. We are trying to ride dying horse. All we need it new signature key 5 and Android apk file w/o ssl pinning. That's for the beginning. Problem is we can't get it.

@IvanMMM describe how to get those and I'll have my team get them

@dimasusername, actually we already got it. Working on v23 already :)

@IvanMMM When do you think you'll update the framework? And also the follows problems #387.

If you need me to write some code or test anything let me know, these two are dealbreakers for us.

@dimasusername, write me an email, mate. In my profile

Did someone find a solution?

you can report the problem by making signed post request to provided feedback_url. Example:
https://i.instagram.com/api/v1/repute/report_problem/instagram_like_add/, post body fields {"_csrftoken":"MNJY2yqFVIeHYiZHaux2jEZ9Rn9dDl0v","_uid":1,"_uuid":"d2d55f4b-b2b5-49a1-94b9-9e873fa4e9f9"}

NOTE that request should be signed with signature key according to the version you are using and _uid should contain your user's id.

Should get response
{"status": "ok"}

Regards

@bogvsdev In my InstagramPrivateAPI wrapper class, I implemented a request like function just like this:
but when action spam error occurs, after printing log == action spam call == nothing happens.

async requestLikeTest(mediaId) {
        try {
            let session = await this.getSession();
            let likeRequest = new Client.Request(session)
            .setMethod('POST')
            .setResource('like', {id: mediaId})
            .generateUUID()
            .setData({
                media_id: mediaId,
                src: 'profile'
            })
            .signPayload();
            let uuid = likeRequest._request.data._uuid;

            likeRequest
            .send()
            .then(async (data) => {
                let like = new Client.Like(session, {}); 
                console.log(data);
            })
            .catch(Client.Exceptions.ActionSpamError, async (err) => {
                console.error(err);
                // handle action spam error
                let requestUrl = 'https://i.instagram.com/api/v1/' + err.json.feedback_url;
                let postData = {};
                let cookie = session._cookiesStore.storage.idx['i.instagram.com']['/'];
                postData._csrftoken = cookie.csrftoken.value;
                postData._uid = cookie.ds_user.value;
                postData._uuid = uuid;
                let signedData = await Client.Signatures.sign(postData);

                await this.actionSpamCallback(requestUrl, signedData);
            });
        } catch (err) {
            throw err;
        }
    }

    async actionSpamCallback(requestUrl, signedData) {
        console.log(`== action spam call ==`);
        return new Promise((resolve, reject) => {
            request.post({
                headers: this.getCommonHeaders,
                uri: requestUrl,
                form: signedData
            }, (err, res, body) => {
                console.log(`== action spam error request err ==\n${err.stack}`);
                console.log(`== action spam error request res ==\n${res.statusCode}`);
                console.log(`== action spam error request body ==\n${JSON.stringify(body)}`);
                if (err) return reject(err);
                return resolve();
            });
        });
    }

Thank you.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

350d picture 350d  Â·  53Comments

ozican picture ozican  Â·  143Comments

DenisKrsk picture DenisKrsk  Â·  33Comments

MMrR0b0TT picture MMrR0b0TT  Â·  18Comments

ambross picture ambross  Â·  10Comments