instagram-private-api: Getting Checkpoint Error over and over

When i got checkpoint error message from api, I have passed checkpoint by clicking “This was me” and tried again to call api but no luck. i got following message every time:

{ [RequestError: challenge_required]
  name: 'RequestError',
  message: 'challenge_required',
  json:
   { message: 'challenge_required',
     challenge:
      { url: 'https://i.instagram.com/challenge/5746353294/XiIA0cso5U/',
        api_path: '/challenge/5746353294/XiIA0cso5U/',
        hide_webview_header: true,
        lock: true,
        logout: false,
        native_flow: true },
     status: 'fail',
     error_type: 'checkpoint_challenge_required' } }

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Comments: 43 (1 by maintainers)

Most upvoted comments

I have come to this conclusion after days of trial and error.

  1. API Login + Self Hosted Script (Home IP) = Success
  2. API Login + Server Hosted (Proxy) = Fail
  3. Web/App Login + Proxy (Literally any freaking proxy) = Success

I am noticing this pattern again and again with various trials and errors.

Those claiming this to be an spam update - I do not see how it can be one if its avoiding the main spam farms (bot farms) as they all seem to be having no glitch at all.

Plus - my custom script is built to NOT give actions (my bot doesn’t like/comment/follow/unfollow/post) - literally nothing. I just scrape likes/comments on a slow speed. I wonder if that classifies as spamming.

Some people are claiming this to be ‘gift from heaven’. Haha. Gift for whom? The bot farms are thriving. Panels with 500,000+ Instagram bot profiles are still up and working so freaking PERFECT. Gift from heaven it seems. Haha.

This HAS happened once more an year ago. Exact same situation. It kind of went away after a few days. So lets see.

EDIT - If at all this is a spam filter then it is a poor one. I have never botted my Instagram accounts for ‘growth’. I have never automated actions (likes/comments/posts and all). My accounts are 100% hand grown with no ‘spammy’ activity. My script does nothing but scrape likes/comments and now I am blocked from logging in via API when hosted on a server? Its just not adding up.

+5
XXWGXX on Dec 10, 2017

@XXWGXX @sagardalal21 @sppmaster

Does it make sense to setProxy after login seems to be working for me.

// And go for login
Client.Session.create(device, storage, user, password)
	.then(function (session) {
		Client.Request.setProxy('http://ip:port/'); // update proxy after login
		// Now you have a session, we can follow / unfollow, anything...
		// And we want to follow Instagram official profile
		return [session, Client.Account.searchForUser(session, user)] // finding id for my current var user 
	})
+3
alexrmacleod on Jan 28, 2018

@JonathanMatthey @sppmaster @itemimg @pasevin @newstarbka @airfire @XXWGXX @sblim0126 @gitadept @comradefuzz @sagardalal21

I assume the challenge loop is due to instagrams geoip spam blocker

1: if you use an ip of a country on the other side of the world from where you last logged in it will result in a challenge loop 2: if you use a proxy ip in the same country or a country very near to you it should be fine and you don’t need to setProxy after login 3: http://www.gatherproxy.com/proxylist/country/?c=Hong Kong is a good place to get proxies, pick one with high uptime and good response times, I found transparent proxys worked best for me 4: if you really want to step up your ip game buy an raspberrypi 3 install squid3, configure the conf file and go to a friends/ parents house and port forward their router to your squid proxy running on the pi and don’t forget to use dynamicdns since isp’s usually don’t give static ips for home internet use.

here is how I setup my raspberry pi to make my own dedicated proxy if you are curious.

ip addresses for devices on wifi network arp -a

login for deb raspberry os sudo ssh pi@ip (.117 is home ip will change) ssh pi@ip

office address external public ip: xxx.xx.xx.xx:xxxx update blaah.ooguy.com sudo ssh pi@ip (.13 is home ip will change) changed static to sudo ssh pi@1ip external access this works for office when accessing it externally! -p = port ssh -p 22 pi@dynudns.com or ssh -l pi -p 22 ip

config to setup proxy sudo raspi-config sudo apt-get update sudo apt-get install squid3

squid stuff /etc/squid/squid.conf /var/log/squid/access.log sudo nano /etc/squid/squid.conf

in squid.conf unhash #acl localnet src 192.168.0.0/16 or #acl localnet src 10.0.0.0/8 #http_access allow localnet

the in squid.conf comment https://stackoverflow.com/questions/10895711/squid-proxy-howto-allow-tcp-connect-getting-tcp-denial-400-with-err-invalid

Deny CONNECT to other than secure SSL ports

#http_access deny CONNECT !SSL_ports http_access allow SSL_ports

and https://stackoverflow.com/questions/36319830/squid-proxy-error-403-tcp-how-to-fix http_access deny all to: http_access allow all

then add https://serverfault.com/questions/102668/remove-x-forwarded-for-header-in-squid-3-0 via off forwarded_for off follow_x_forwarded_for deny all request_header_access X-Forwarded-For deny all header_access X_Forwarded_For deny all

then change port in conf file to whatever you want xxxx 1234 or something http_port 3128

save and

sudo service squid restart sudo tail -f /var/log/squid/access.log

dyne ip update client do this after everything put in dynu.sh https://www.dynu.com/DynamicDNS/IPUpdateClient/RaspberryPi-Dynamic-DNS echo url=“https://api.dynu.com/nic/update?username=alemac&password=xxxx” | curl -k -o ~/dynudns/dynu.log -K -

could try this dns org instead of dynu: https://www.dnsdynamic.org/ saw some tutioirals for pi setup online

manually change dynu put in browser https://api.dynu.com/nic/update?hostname=jeremy.ooguy.com&password=xxxx

at boot run for dyne ip update every 5 mins https://askubuntu.com/questions/23009/why-crontab-scripts-are-not-working

crontab -e original */5 * * * * ~/dynudns/dynu.sh >/dev/null 2>&1 update */5 * * * * /home/pi/dynudns/dynu.sh >/dev/null 2>&1

pi@raspberrypi:~ $ nano dynudns/dynu.log pi@raspberrypi:~ $ nano dynudns/dynu.sh

might have to reboot to make cron run or sudo service cron reload check if working run look for numbers with cmd: pgrep cron

https://www.youtube.com/watch?v=PUGPUYmr4lE actually gets installed as squid not squid3 https://stackoverflow.com/questions/5994907/command-to-restart-squid-proxy-server https://stackoverflow.com/questions/41318597/ssh-connection-refused-on-raspberry-pi https://elinux.org/R-Pi_Troubleshooting#Some_programs_refuse_to_accept_my_password password issue run this: gconftool-2 --type bool --set /apps/gksu/sudo-mode true

file on no extention https://discussions.apple.com/thread/132899

making ip on pi static and more dynamic dns tips https://raspberrypi.stackexchange.com/questions/6757/how-to-use-ssh-out-of-home-network nano /etc/dhcpcd.conf (check bottom https://electrondust.com/2017/11/25/setting-raspberry-pi-wifi-static-ip-raspbian-stretch-lite/) sudo /etc/init.d/networking restart ifconfig (to see if static ip has changed)

+2
alexrmacleod on Feb 19, 2018

@sppmaster I did many tests with latest key. I have achieved a valid session (can working with private api), but didn’t leave checkpoint loop. When I log in from my device, I get “send code to email”, and after inserting, challenge repeats again and again…

+1
gitadept on Dec 10, 2017
Read more comments on GitHub
← instagram-private-api: CookieNotValidError
instagram-private-api: IgResponseError: POST /api/v1/accounts/login/ - 400 Bad Request →