Facing significant blowback from horrified organizations and users worldwide with respect to the Cambridge Analytica debacle, Facebook appears to be responding with swift action that will undoubtedly result in disgruntled developers and users. The sudden and swift changes without warning should put all API consuming developers on notice that their favorite APIs (Facebook, Instagram, or otherwise) may also be subject to sudden changes as other API providers re-evaluate the degree to which their APIs could be compromising individual privacy.
Yesterday (April 4, 2018), without warning a post appeared on the ChangeLog of Instagram’s API notifying developers that at least 15 API resources were being “deprecated immediately.” Instagram is owned by Facebook.
The resources were categorized into four buckets: Follows and Relationships, Commenting on Public Content, Likes, and User Search. Additionally, the changelog post noted that "Some information on Public Content returned through hashtag and location search will be removed - Name, Bio, Comments, Commenters, Follower Count, Following Count, Post Count, and Profile Picture.” The post also notes that developers will no longer be able to "receive notifications when media is posted."
Upon closer inspection, the deprecations would prevent the sort of query where a developer could go from discovering an Instagram user's followers, to grabbing their IDs, and then searching Instagram on the basis of those IDs. It's the same sort of query that has revealed itself to be problematic in the case of Cambridge Analytica.
What’s most unusual about the post is how it starts with the text "The following endpoints are deprecated immediately.” Mature API providers like Facebook or Instagram usually offer developers sufficient warning that an API is about to be deprecated in part or in whole. The more established the API provider, the more runway developers typically get to adjust their code — sometimes a year or more. The reason for this is that if those developers have existing applications in circulation (in the hands of end users) that make use of the resources being planned for deprecation, any sudden deactivation of those resources may cause those applications to break.
In the API economy, such deprecations or modifications are referred to as “breaking changes” because they are breaking what is called the “API contract” in such a way that breaks the downstream applications (for a great explanation of API contracts in terms of Legos, electrical sockets, and shipping containers, be sure to watch this video). Many API providers have learned the hard way that, if they introduce breaking changes without warning developers, there will be hell to pay in terms of developer backlash. Hell that could negatively impact the API provider’s brand and ultimately their business.
In this case however, it appears as though the special circumstances surrounding the Cambridge Analytica situation and the microscope that Facebook is now under, the sudden and immediate deprecation of certain resources (ones that helped developers harvest a great deal of information about Instagram users) are warranting the breaking changes without notice.