OAuth flow diagram

Last updated: 2026-05-20

Flow overview

sequenceDiagram
    participant Admin as WP Admin
    participant Site as Customer WordPress
    participant Meta as Meta OAuth
    participant Proxy as Hosted proxy (one.mahihub.in)
    participant Graph as Instagram Graph API
    Admin->>Site: Click Connect Instagram
    Site->>Meta: Authorize (redirect)
    Meta->>Site: Callback with code (/instagram-proxy-callback/)
    Site->>Proxy: Exchange code (no App Secret on site)
    Proxy->>Meta: Token exchange
    Proxy->>Graph: graph.me
    Proxy->>Site: Tokens (encrypted in DB)
    Site->>Admin: Dashboard success

Steps

1. Admin starts connect from the plugin Dashboard.

2. Browser redirects to Meta OAuth.

3. Meta redirects to https://customer-domain.com/instagram-proxy-callback/ with an authorization code.

4. Plugin sends the code to the hosted proxy — App Secret is not stored in the plugin.

5. Proxy returns long-lived tokens; plugin encrypts and stores them in the database.

6. WP-Cron refreshes tokens approximately every 30 days.

Debug

Enable WP_DEBUG_LOG and search for [SCF OAuth] entries when troubleshooting.
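The authorization code and tokens from the flow above are credentials, so it is worth confirming they do not end up in the debug log. The script below is an added example, not the plugin's code: it lists `[SCF OAuth]` entries with credential values masked and counts the lines that carry one. The key names and the sample log lines are constructed assumptions, since the page does not show the plugin's real log format.

```bash
#!/bin/sh
# Added example (not the plugin's code): review [SCF OAuth] debug entries
# without exposing OAuth codes or tokens that may have been logged.

# Assumed key names for credential values in this flow.
SECRET_KEYS='code|access_token|refresh_token'
# Matches key=value and "key":"value". The leading group requires a
# non-word character before the key, so "status_code" does not match "code".
SECRET_RE='(^|[^[:alnum:]_])('"$SECRET_KEYS"')("?[=:] ?"?)[^&" ,}]+'

# Print all [SCF OAuth] lines from log file $1 with credential values masked.
scf_oauth_entries() {
  grep -F '[SCF OAuth]' "$1" | sed -E "s/$SECRET_RE/\\1\\2\\3[REDACTED]/g"
}

# Print the number of [SCF OAuth] lines in $1 that contain a credential value.
scf_oauth_leak_count() {
  grep -F '[SCF OAuth]' "$1" | grep -Ec "$SECRET_RE" || true
}

# Write a constructed sample log to $1 (message text is invented for the demo).
write_sample_log() {
  cat > "$1" <<'EOF'
[20-May-2026 10:15:01 UTC] [SCF OAuth] Redirecting to Meta authorize endpoint
[20-May-2026 10:15:09 UTC] [SCF OAuth] Callback received: code=EXAMPLECODE123
[20-May-2026 10:15:10 UTC] PHP Notice:  Undefined index: foo in functions.php on line 12
[20-May-2026 10:15:10 UTC] [SCF OAuth] Proxy response: {"access_token":"EXAMPLETOKEN456"}
[20-May-2026 10:15:11 UTC] [SCF OAuth] Token stored, status_code=200
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_log "$sample"
scf_oauth_entries "$sample"
echo "lines carrying credentials: $(scf_oauth_leak_count "$sample")"
rm -f "$sample"
```

On a real site, pass the log path instead of the sample; with `WP_DEBUG_LOG` set to `true`, WordPress writes to `wp-content/debug.log` by default. A non-zero count means the log file itself should be treated as sensitive and debug logging turned off once troubleshooting is done.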