Get the top HN stories in your inbox every day.
nkozyra
> Many companies and tools are built on and rely on this API for their product & daily operations.
Hopefully not their entire product. The first rule is don't build your company on the back of another, but I think the most important part is that if you do use another company, make sure you're fine if they disappear one day.
The last time Facebook made major changes (ostensibly as a response to the Cambridge Analytica stuff, but that was just an excuse) a bunch of people got burned.
My company did too but we always kept ourselves in a place where if it vanished we'd be - at worst - inconvenienced.
This approach came because early on I was burned by Twitter changes that were more impactful.
Most recent Twitter changes prove that even paying for access provides no guarantees.
i386
this is easy to say as a comment on HN but unavoidable to a large degree for businesses in the marketing and social media space.
dylan604
you play in the mud, you're going to get dirty. if your entire marketing company focuses on social, then why that doesn't fall into "all eggs, one basket" concept is beyond me. Sure, it's much easier to get a company rolling when you have to do nothing but use the product of someone else as the core of your business, but why that's not an immediate red flag to someone in that position is something i just don't understand.
BoorishBears
This has got to be the most platitudes I've ever seen stuffed in a single comment... I almost want to say it's satire.
But yeah, there's a lot of real valuable businesses built on existential risks. We're currently getting a reminder that our banking system puts all its eggs in the idea not too many people will ask for money at the same time.
Optimizing for black swan events is just generally not good business.
lozenge
Marketers and customer service need to be able to manage their social accounts, that's a product space which inherently relies on API access to those website. Maybe you wouldn't want to build that product, but clearly somebody will.
helsinkiandrew
Sorry that’s nonsense. Companies spend hundreds of billions of dollars on FB and IG marketing (presumably because they see a benefit) and are willing to pay companies to help them do it.
Many companies large and small rely on getting most of their business from a single entity, whether that’s the US military, Ford, or contractors working at a local company.
No business opportunity will last forever
Waterluvian
Yeah, I don’t think it’s right to say “never try.” It’s more, “never lose sight at how brittle your business is. The other company owes you nothing if it’s not written in a contract. You aren’t a victim when it breaks your business.”
LadyCailin
Part of these types of businesses is accepting that risk then, and knowing that despite doing everything right, your business may be unceremoniously shut down because of some PM’s whim. I wouldn’t want to be in that kind of position, but I guess more power to those that do.
nkozyra
Well these are riskier businesses to start for this reason.
I did cage it by saying make sure your whole company doesn't collapse if one API gets shut down.
WA
I have the same attitude and it is severely restricting my creativity. While I think "don’t build on other peoples APIs", others just launched many tools built on top of Instagram, OpenAI, Twitter and whatnot.
By now I feel like it’s better to build on top of an API, be aware that it might go away one day but make money while it lasts, which can be many years.
princevegeta89
Sorry but APIs aren't meant to be broken at anytime. That's what they are for. That is the unwritten part of the so called contracts/agreements.
I do not understand how the idea of not building a company on the back of another is possible. We rely on other companies for deployments, hosting, reporting, monitoring, payments, billing and security etc. Some may be less critical than others but how can you avoid your reliance on other companies at all?
brookst
It’s about diversification. Don’t build a company entirely dependent on a single other company that can’t be replaced.
If your payment provider stops offering payments, it’s annoying but not existential. If your whole business is reselling a single artist and they die or switch to a different gallery, you’re done.
kaetemi
Ensure you have a backup supplier that you can switch to.
j45
Very true. It’s a small but very helpful act of looking out for your future self to generalize access to APIs or multiple providers in your codebase via your own concept of accessing a list of service providers can be easily swapped out or added to.
marpstar
GP's advice generally applies when talking about integrating with a third party API to provide data as a "input" to your business. The things you listed (deployment, hosting, monitoring...) are all after-the-fact concerns, and are generally interchangeable in a way that the API output schema (or systems uptime) for a particular service is not.
paulddraper
> The first rule is don't build your company on the back of another
What's the over-under on # of companies built on AWS?
omk
True. The Twitpic story comes to mind.
i386
My startup is a consumer of the Graph API for Instagram (OP appears to be using Dispay API). We have about 1000 loc that just deal with weird user specific bugs in their API and it’s impossible to give feedback about it to anyone at Meta.
OP - is there a way to contact you? Drop me a DM on ig Instagram.com/i386 I may be able to help with a workaround
barbazoo
Not sure if they fixed it yet but starting a month or so ago FB disabled creating test users which broke our release process in one corner of the org. Same thing you mentioned, lots of bug reports, no response other than boilerplate 1st level support.
I don't mind it though, long term that's good news as it'll let us remove any dependencies we have on FB.
s1k3s
I mean, Meta's developer terms literally say you agree they can take your product at any time and turn it in their own product without prior notification. And that's on top of "we can change anything, we can cut out your access at any time" etc. So yeah, do you really expect anything from these companies? Don't make your product rely on them.
mjdowney
There is nothing more frustrating than a status page that lies about the state of an API. Feels like insult + injury. I'd rather they not even have a status page!
xwdv
Unfortunately almost all status pages are for gaslighting purposes when things get really bad.
Easier to tell a developer they’re crazy and their code was wrong than to admit to downtime and violate any SLAs.
reustle
There have been various attempts to create status pages that aren’t controlled by the companies they are watching. Not sure which are the most popular now.
egberts1
Meta (Facebook/Instagram) must have not taken the Twitter route during their mass layoffs.
You cut non-essential folks firstly and critical operational personnel lastly.
cldellow
I gather you haven't tried to use the Twitter Ads API lately. :) This is literally an API that makes it easier for people to give money to Twitter. And yet it's seemingly abandoned since the Musk takeover, with the old documentation taken down and the support forums ignored.
egberts1
Is it still in Elon Musk's business model, perhaps that's what he wanted.
blululu
They probably tried to do that but without a complete understanding of who does what exactly. Imagine a clueless manager lists out who on their team does what. Imagine the clueless manager got canned and now someone one or two steps removed needs to assess who does what. You don’t get to a layoff by being a well managed org, so you typically don’t execute the layoff very well.
femiagbabiaka
Twitter didn’t take that route either.
kleinsch
Nice snark, but layoffs in Nov were primarily business, most recent round doesn’t actually start in tech until April.
paxys
You are right the Twitter API is so usable right now..
Arbortheus
GET for creating access tokens seems like the incorrect request type.
dbalatero
Oddly their docs use GET though https://developers.facebook.com/docs/instagram-basic-display...
i386
Welcome to Meta API
contravariant
Using GET to request a resource, kind of makes sense. Usually you want to send some information to the endpoint as well though, which makes a GET a bit awkward.
jeroenhd
GET should be idempotent, so if the request is repeated by the browser/a proxy/a user hitting F5, it should not matter. This is why some websites with inadequate password reset email links don't work if your company/ISP/email provider implements link scanning, as the automated service already clicked the super secret one-time link (and if the website is following the spec, that should be totally fine).
As long as the GET requests returns the same or equivalent API data every time they make total sense. For an access token, that's perfectly fine, assuming they don't generate a new token with every request of course.
reddec
Did you try POST (regardless of docs)?
Traubenfuchs
It‘s calming to see that even big tech is unable to properly manage their APIs including completely useless error massages and communication silence.
never_inline
Diseconomies of scale.
turnsout
I really hope more users discover Pixelfed. As a developer, it was so easy to work with (99% people of the time just treat it like the Mastodon API).
zimpenfish
I'm hoping that someone makes a Pixelfed-alike with a sane stack like Elixir or Go. The installation guide is just a bit too long and faffy for me right now.
turnsout
If enough people show up, that will happen, just like it has with Mastodon
helsinkiandrew
Saw this a few months ago (strangely it seems ok for us at the moment) With no response or acceptance there was a problem from FB it started working 2 weeks later.
If your users are professional/business you should be using the graph API - this is much better supported/tested. To me the display/basic API feels like something that isn’t that integral to FB and could be dropped at any time.
Animats
Your problems mean nothing to us, puny startups!
Get the top HN stories in your inbox every day.
Meta offers an OAuth based API for Instagram. Many companies and tools are built on and rely on this API for their product & daily operations.
Beginning Friday evening (US time), a critical endpoint in this API has broken. The endpoint creates long-lived access tokens, so it is in the critical path for almost any company using the API.
I find it disappointing that a leading technological company does not acknowledge a bug that's been reported to them several times more than 24 hours ago, even if to say that's it's being investigated.
The endpoint: https://developers.facebook.com/docs/instagram-basic-display-api/guides/long-lived-access-tokens#get-a-long-lived-token
Currently the API returns a Bad Request with a wrong error message (the endpoint should support "GET"): ``` { "message": "Unsupported request - method type: get", "type": "IGApiException", "code": 100, "fbtrace_id": "AuDYqK74IrT9Yt2Sx51UlP6" } ```
I have opened a bug report but received no response. Facebook's status page shows all green in the API section: https://metastatus.com/ There are several Meta Developers Community threads with no response