Setup an oauth2 provider for instagram and access their basic display api. The biggest problem is indeed the tokens, when you login you get an authorization code, this is then exchanged for an access token and optionally an refresh token. You then use the access token to access the api. The problem is that the standard acces token that you get expires after 1 hour, you have to exchange it for a long-lived access token (60 days), you can do this with the refresh token. You also have to refresh the long-lived access token again before it expires.
We have most of the logic build-in with the oauth2 provider, it will do the exchange of the exchange of the authorization code for an access token for you. It will store the access token and refresh token in a session. You can then use the oauth2 provider in your api calls. When the access token is almost expires or it is expired then the oauth2 provider will try to exchange the access token for a new one.
Problem with the facebook api is that it will not allow you to exchange the token when it is expired and it also doesn’t like it when you request a new token to fast. So you will need some scheduler that will handle the refresh.