Publishing guidelines and signed requests Over 300 million Instagrammers use the app every month to capture and share the world?s moments with friends and the broader community. This growing audience, and the beautiful photos and videos they post every day, have driven increased interest from developers to build creative and innovative apps using the Instagram API. Today, we are making updates to our API to ensure positive and authentic experiences for our community, as well as provide developers with better tools to protect their products. Guidelines for Publishing Likes and Relationships Actions New Apps Starting today, any newly created client_id that wishes to issue POST and DELETE requests to the Likes or Relationships API endpoints will first have to request that access. This will follow the same process that we introduced for posting comments last year. Examples of use-cases that will be considered for access include: Media rights management: for example a platform for media publishers and brands to request permission from the Instagram community to use Instagram content. Social media management: for example, a platform to help businesses integrate Instagram in their social media workflow. Developers who feel they have met the requirements and meet API terms can request access here. Existing Apps For already existing applications that are using the POST endpoints, we will continue to ensure that they comply with our terms and approved scenarios. However, if an app has not posted a Like/Follow since January 1, 2015, that app will have until April 28, 2015 to make a formal request for access before access is turned off. Enhanced Security When Signing API Requests We are also providing an enhanced way for developers to sign their API requests. The new ?Enforce signed request? option instructs Instagram to verify each API call for a valid HMAC (Hash Message Authentication Code). This code is produced by signing the API call parameters with a secret key that is only shared with Instagram and the developer. This technique helps mitigate impersonation attempts and protects developers from targeted abuses by malicious actors. Additionally, those developers signing their requests will enjoy higher rate-limits for various endpoints. Please read the documentation for more information. Previous Signing Method Deprecation For developers who have already been signing API requests, thank you for ensuring the quality of your API calls. We ask that you make the incremental change to use the enhanced method by September 1, 2015. Thank you for helping us keep the Platform safe and fun for the Instagram community.