nodejs-insta-private-api-mqtt 1.3.64 → 1.3.65

package/dist/constants/index.js

@@ -12,7 +12,17 @@ const LOGIN_EXPERIMENTS = 'ig_android_fci_onboarding_friend_search,ig_android_de
 const FACEBOOK_ANALYTICS_APPLICATION_ID = '567067343352427';
 const FACEBOOK_OTA_FIELDS = 'update%7Bdownload_uri%2Cdownload_uri_delta_base%2Cversion_code_delta_base%2Cdownload_uri_delta%2Cfallback_to_full_update%2Cfile_size_delta%2Cversion_code%2Cpublished_date%2Cfile_size%2Cota_bundle_type%2Cresources_checksum%2Callowed_networks%2Crelease_id%7D';
 const FACEBOOK_ORCA_APPLICATION_ID = '124024574287414';
-const BLOKS_VERSION_ID = '388ece79ebc0e70e87873505ed1b0ff335ae2868a978cc951b6721c41d46a30a';
+const BLOKS_VERSION_ID = 'ce555e5500576acd8e84a66018f54a05720f2dce29f0bb5a1f97f0c10d6fac48';
+
+const SUPPORTED_CAPABILITIES = [
+  {
+    value: '119.0,120.0,121.0,122.0,123.0,124.0,125.0,126.0,127.0,128.0,129.0,130.0,131.0,132.0,133.0,134.0,135.0,136.0,137.0,138.0,139.0,140.0,141.0,142.0',
+    name: 'SUPPORTED_SDK_VERSIONS',
+  },
+  { value: '14', name: 'FACE_TRACKER_VERSION' },
+  { value: 'ETC2_COMPRESSION', name: 'COMPRESSION' },
+  { value: 'gyroscope_enabled', name: 'gyroscope' },
+];
 const HOSTNAME = 'i.instagram.com';
 const WEB_HOSTNAME = 'www.instagram.com';
 const HOST = `https://${HOSTNAME}/`;
@@ -33,6 +43,7 @@ module.exports = {
   FACEBOOK_OTA_FIELDS,
   FACEBOOK_ORCA_APPLICATION_ID,
   BLOKS_VERSION_ID,
+  SUPPORTED_CAPABILITIES,
   HOSTNAME,
   WEB_HOSTNAME,
   HOST,

package/dist/core/client.js

@@ -78,16 +78,19 @@ class IgApiClient extends EventEmitter {
    * NOTE: removed automatic realtime connection attempt.
    */
   async login(credentials) {
-    // ANTI-BOT: Automatically simulate app launch if not already done recently
     if (this.state.deviceId) {
-       try { 
-         await this.simulateAppStart(); 
-         // Real behavior: fetch contact permissions, explore, etc.
-         await this.simulateAndroidBehavior();
-       } catch (e) {}
-       await new Promise(resolve => setTimeout(resolve, 3000));
+       try {
+         await this.preLoginFlow();
+       } catch (e) {
+         if (this.state.verbose) console.warn('[Pre-Login] Flow error (non-fatal):', e.message);
+       }
     }
     const result = await this.account.login(credentials);
+    try {
+      await this.postLoginFlow();
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Post-Login] Flow error (non-fatal):', e.message);
+    }
     return result;
   }
 
@@ -173,68 +176,83 @@ class IgApiClient extends EventEmitter {
   // === UTILITY HELPER METHODS
   // -------------------------------
 
-  /**
-   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
-   * This should be called BEFORE login to establish the device's presence as a legitimate app instance.
-   */
-  async simulateAppStart() {
-    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
-    
-    // 1. Emulate Launcher Sync (Fetching app configuration)
-    // This tells Instagram "I am opening the app and checking for feature flags"
+  async preLoginFlow() {
+    if (this.state.verbose) console.log('[Pre-Login] Starting pre-login flow (sync_launcher)...');
     try {
       await this.request.send({
         url: '/api/v1/launcher/sync/',
         method: 'POST',
-        form: {
-          configs: 'ig_android_launcher_sync_config',
+        form: this.request.sign({
           id: this.state.uuid,
-        },
+          server_config_retrieval: '1',
+        }),
       });
-      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+      if (this.state.verbose) console.log('[Pre-Login] Launcher Sync: OK');
     } catch (e) {
-      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+      if (this.state.verbose) console.warn('[Pre-Login] Launcher Sync Failed (non-fatal):', e.message);
     }
+    await new Promise(resolve => setTimeout(resolve, Math.random() * 700 + 175));
+  }
 
-    // 2. Emulate QE Sync (Quick Experiment Sync)
-    // Instagram apps check for A/B testing experiments on launch
+  async postLoginFlow() {
+    if (this.state.verbose) console.log('[Post-Login] Starting post-login flow...');
     try {
       await this.request.send({
-        url: '/api/v1/qe/sync/',
+        url: '/api/v1/feed/reels_tray/',
         method: 'POST',
-        form: {
-          experiments: 'ig_android_qe_sync_config',
-          id: this.state.uuid,
-        },
+        form: this.request.sign({
+          supported_capabilities_new: JSON.stringify(this.state.constants.SUPPORTED_CAPABILITIES),
+          reason: 'cold_start',
+          timezone_offset: String(this.state.timezoneOffset),
+          tray_session_id: this.state.traySessionId,
+          request_id: this.state.requestId,
+          _uuid: this.state.uuid,
+          page_size: 50,
+          reel_tray_impressions: {},
+        }),
       });
-      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+      if (this.state.verbose) console.log('[Post-Login] Reels tray: OK');
     } catch (e) {
-      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+      if (this.state.verbose) console.warn('[Post-Login] Reels tray failed (non-fatal):', e.message);
     }
-
-    // 3. Log Attribution (App Launch Event)
-    // This is crucial. Real apps report "I have launched".
     try {
+      const timelineData = JSON.stringify({
+        has_camera_permission: '1',
+        feed_view_info: '[]',
+        phone_id: this.state.phoneId,
+        reason: 'cold_start_fetch',
+        battery_level: 100,
+        timezone_offset: String(this.state.timezoneOffset),
+        device_id: this.state.uuid,
+        request_id: this.state.requestId,
+        _uuid: this.state.uuid,
+        is_charging: Math.random() > 0.5 ? 1 : 0,
+        is_dark_mode: 1,
+        will_sound_on: Math.random() > 0.5 ? 1 : 0,
+        session_id: this.state.clientSessionId,
+        bloks_versioning_id: this.state.bloksVersionId,
+        is_pull_to_refresh: '0',
+      });
       await this.request.send({
-        url: '/api/v1/attribution/log_attribution/',
+        url: '/api/v1/feed/timeline/',
         method: 'POST',
-        form: {
-          adb_ifa: this.state.adsId, // Advertising ID
-          did: this.state.deviceId,
-          event_name: 'app_launch',
-          extra: JSON.stringify({
-            clock_skew: 0,
-          }),
+        data: timelineData,
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
+          'X-Ads-Opt-Out': '0',
+          'X-DEVICE-ID': this.state.uuid,
+          'X-CM-Bandwidth-KBPS': '-1.000',
+          'X-CM-Latency': String(Math.floor(Math.random() * 5) + 1),
         },
       });
-      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+      if (this.state.verbose) console.log('[Post-Login] Timeline feed: OK');
     } catch (e) {
-      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+      if (this.state.verbose) console.warn('[Post-Login] Timeline feed failed (non-fatal):', e.message);
     }
+  }
 
-    // 4. Check App Updates (Optional but realistic)
-    // Simulates checking if a new version is available (often happens on launch)
-    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  async simulateAppStart() {
+    return this.preLoginFlow();
   }
 
   /**

package/dist/core/request.js

@@ -44,17 +44,13 @@ class Request {
   }
 
   signature(data) {
-    return crypto.createHmac('sha256', this.client.state.signatureKey)
-      .update(data)
-      .digest('hex');
+    return 'SIGNATURE';
   }
 
   sign(payload) {
     const json = typeof payload === 'object' ? JSON.stringify(payload) : payload;
-    const signature = this.signature(json);
     return {
-      ig_sig_key_version: this.client.state.signatureVersion,
-      signed_body: `${signature}.${json}`,
+      signed_body: `SIGNATURE.${json}`,
     };
   }
 
@@ -173,6 +169,14 @@ class Request {
     if (headers['ig-set-password-encryption-pub-key']) {
       this.client.state.passwordEncryptionPubKey = headers['ig-set-password-encryption-pub-key'];
     }
+    const mid = headers['ig-set-x-mid'];
+    if (mid) {
+      this.client.state.mid = mid;
+    }
+    const igURur = headers['ig-set-ig-u-rur'];
+    if (igURur) {
+      this.client.state.igURur = igURur;
+    }
 
     // Update cookies from Set-Cookie headers (if cookieJar is available)
     const setCookieHeaders = headers['set-cookie'] || headers['Set-Cookie'];
@@ -252,33 +256,70 @@ class Request {
   }
 
   getDefaultHeaders() {
-    return {
-      'User-Agent': this.client.state.appUserAgent,
-      'X-Ads-Opt-Out': this.client.state.adsOptOut ? '1' : '0',
-      'X-IG-App-Locale': this.client.state.language,
-      'X-IG-Device-Locale': this.client.state.language,
-      'X-Pigeon-Session-Id': this.client.state.pigeonSessionId,
+    const state = this.client.state;
+    const locale = (state.locale || state.language || 'en_US').replace('-', '_');
+    const lang = locale.replace('_', '-');
+    const acceptLanguage = lang === 'en-US' ? 'en-US' : `${lang}, en-US`;
+    const userId = (() => {
+      try { return state.cookieUserId; } catch { return 0; }
+    })();
+
+    const headers = {
+      'X-IG-App-Locale': locale,
+      'X-IG-Device-Locale': locale,
+      'X-IG-Mapped-Locale': locale,
+      'X-Pigeon-Session-Id': `UFS-${state.pigeonSessionId}-1`,
       'X-Pigeon-Rawclienttime': (Date.now() / 1000).toFixed(3),
-      'X-IG-Connection-Speed': `${random(1000, 3700)}kbps`,
-      'X-IG-Bandwidth-Speed-KBPS': '-1.000',
-      'X-IG-Bandwidth-TotalBytes-B': '0',
-      'X-IG-Bandwidth-TotalTime-MS': '0',
-      'X-IG-Extended-CDN-Thumbnail-Cache-Busting-Value': (this.client.state.thumbnailCacheBustingValue || 0).toString(),
-      'X-Bloks-Version-Id': this.client.state.bloksVersionId,
-      'X-IG-WWW-Claim': this.client.state.igWWWClaim || '0',
-      'X-Bloks-Is-Layout-RTL': (this.client.state.isLayoutRTL !== undefined) ? this.client.state.isLayoutRTL.toString() : 'false',
-      'X-IG-Connection-Type': this.client.state.connectionTypeHeader,
-      'X-IG-Capabilities': this.client.state.capabilitiesHeader,
-      'X-IG-App-ID': this.client.state.fbAnalyticsApplicationId,
-      'X-IG-Device-ID': this.client.state.uuid,
-      'X-IG-Android-ID': this.client.state.deviceId,
-      'Accept-Language': (this.client.state.language || 'en_US').replace('_', '-'),
-      'X-FB-HTTP-Engine': 'Liger',
-      'Authorization': this.client.state.authorization,
-      'Host': 'i.instagram.com',
+      'X-IG-Bandwidth-Speed-KBPS': (random(2500000, 3000000) / 1000).toFixed(3),
+      'X-IG-Bandwidth-TotalBytes-B': String(random(5000000, 90000000)),
+      'X-IG-Bandwidth-TotalTime-MS': String(random(2000, 9000)),
+      'X-IG-App-Startup-Country': (state.country || 'US').toUpperCase(),
+      'X-Bloks-Version-Id': state.bloksVersionId,
+      'X-IG-WWW-Claim': state.igWWWClaim || '0',
+      'X-Bloks-Is-Layout-RTL': 'false',
+      'X-Bloks-Is-Panorama-Enabled': 'true',
+      'X-IG-Device-ID': state.uuid,
+      'X-IG-Family-Device-ID': state.phoneId,
+      'X-IG-Android-ID': state.deviceId,
+      'X-IG-Timezone-Offset': String(state.timezoneOffset),
+      'X-IG-Connection-Type': state.connectionTypeHeader || 'WIFI',
+      'X-IG-Capabilities': state.capabilitiesHeader || '3brTvx0=',
+      'X-IG-App-ID': state.fbAnalyticsApplicationId,
+      'Priority': 'u=3',
+      'User-Agent': state.appUserAgent,
+      'Accept-Language': acceptLanguage,
+      'X-MID': state.mid || '',
       'Accept-Encoding': 'gzip, deflate',
+      'Host': 'i.instagram.com',
+      'X-FB-HTTP-Engine': 'Liger',
       'Connection': 'keep-alive',
+      'X-FB-Client-IP': 'True',
+      'X-FB-Server-Cluster': 'True',
+      'IG-INTENDED-USER-ID': String(userId || 0),
+      'X-IG-Nav-Chain': '9MV:self_profile:2,ProfileMediaTabFragment:self_profile:3,9Xf:self_following:4',
+      'X-IG-SALT-IDS': String(random(1061162222, 1061262222)),
     };
+
+    if (state.authorization) {
+      headers['Authorization'] = state.authorization;
+    }
+
+    if (userId && userId !== 0 && userId !== '0') {
+      const nextYear = Math.floor(Date.now() / 1000) + 31536000;
+      headers['IG-U-DS-USER-ID'] = String(userId);
+      headers['IG-U-IG-DIRECT-REGION-HINT'] = `LLA,${userId},${nextYear}:01f7bae7d8b131877d8e0ae1493252280d72f6d0d554447cb1dc9049b6b2c507c08605b7`;
+      headers['IG-U-SHBID'] = `12695,${userId},${nextYear}:01f778d9c9f7546cf3722578fbf9b85143cd6e5132723e5c93f40f55ca0459c8ef8a0d9f`;
+      headers['IG-U-SHBTS'] = `${Math.floor(Date.now() / 1000)},${userId},${nextYear}:01f7ace11925d0388080078d0282b75b8059844855da27e23c90a362270fddfb3fae7e28`;
+      headers['IG-U-RUR'] = `RVA,${userId},${nextYear}:01f7f627f9ae4ce2874b2e04463efdb184340968b1b006fa88cb4cc69a942a04201e544c`;
+    }
+    if (state.igURur) {
+      headers['IG-U-RUR'] = state.igURur;
+    }
+    if (state.igWWWClaim) {
+      headers['X-IG-WWW-Claim'] = state.igWWWClaim;
+    }
+
+    return headers;
   }
 }
 

package/dist/core/state.js

@@ -19,9 +19,10 @@ class State {
 
     // basic defaults
     this.language = 'en_US';
-    this.timezoneOffset = String(new Date().getTimezoneOffset() * -60);
+    this.locale = 'en_US';
+    this.timezoneOffset = new Date().getTimezoneOffset() * -60;
     this.radioType = 'wifi-none';
-    this.capabilitiesHeader = '3brTv10=';
+    this.capabilitiesHeader = '3brTvx0=';
     this.connectionTypeHeader = 'WIFI';
     this.isLayoutRTL = false;
     this.adsOptOut = false;
@@ -33,6 +34,14 @@ class State {
     this.pigeonSessionIdLifetime = 1200000;
     this.parsedAuthorization = undefined;
 
+    this.mid = '';
+    this.country = 'US';
+    this.countryCode = 1;
+    this.igURur = '';
+    this.igWWWClaim = '0';
+    this.requestId = '';
+    this.traySessionId = '';
+
     // ===== PLATFORM SUPPORT (iOS + Android) =====
     this.platform = 'android'; // 'android' or 'ios'
     this.iosVersion = '18.3';
@@ -281,13 +290,19 @@ class State {
       build: this.build,
       authorization: this.authorization,
       igWWWClaim: this.igWWWClaim,
+      igURur: this.igURur,
+      mid: this.mid,
+      country: this.country,
+      countryCode: this.countryCode,
+      locale: this.locale,
       passwordEncryptionKeyId: this.passwordEncryptionKeyId,
       passwordEncryptionPubKey: this.passwordEncryptionPubKey,
-      // keep other runtime fields that may be present
       language: this.language,
       timezoneOffset: this.timezoneOffset,
       connectionTypeHeader: this.connectionTypeHeader,
-      capabilitiesHeader: this.capabilitiesHeader
+      capabilitiesHeader: this.capabilitiesHeader,
+      requestId: this.requestId,
+      traySessionId: this.traySessionId
     };
     return obj;
   }
@@ -395,6 +410,8 @@ class State {
     this.phoneId = chance.guid();
     this.adid = chance.guid();
     this.build = 'UP1A.231005.007';
+    this.requestId = chance.guid();
+    this.traySessionId = chance.guid();
   }
 
   regenerateDevice(seed = 'instagram-private-api') {

package/dist/fbns/fbns.client.js

@@ -239,7 +239,6 @@ class FbnsClient extends eventemitter3_1.EventEmitter {
                 is_main_push_channel: true,
                 device_sub_type: 2,
                 device_token: token,
-                _csrftoken: this.ig.state.cookieCsrfToken,
                 guid: this.ig.state.uuid,
                 uuid: this.ig.state.uuid,
                 users: this.ig.state.cookieUserId,

package/dist/repositories/account.repository.js

@@ -68,21 +68,21 @@ class AccountRepository extends Repository {
     }
 
     return this.requestWithRetry(async () => {
+      const countryCode = this.client.state.countryCode || 1;
       const response = await this.client.request.send({
         method: 'POST',
         url: '/api/v1/accounts/login/',
         form: this.client.request.sign({
-          username,
+          jazoest: AccountRepository.createJazoest(this.client.state.phoneId),
+          country_codes: JSON.stringify([{ country_code: String(countryCode), source: ['default'] }]),
+          phone_id: this.client.state.phoneId,
           enc_password: `#PWD_INSTAGRAM:4:${time}:${encrypted}`,
+          username,
+          adid: this.client.state.adid,
           guid: this.client.state.uuid,
-          phone_id: this.client.state.phoneId,
-          _csrftoken: this.client.state.cookieCsrfToken,
           device_id: this.client.state.deviceId,
-          adid: this.client.state.adid,
           google_tokens: '[]',
-          login_attempt_count: 0,
-          country_codes: JSON.stringify([{ country_code: '1', source: 'default' }]),
-          jazoest: AccountRepository.createJazoest(this.client.state.phoneId),
+          login_attempt_count: '0',
         }),
       });
 
@@ -98,7 +98,6 @@ class AccountRepository extends Repository {
                url: '/api/v1/accounts/login_confirm/',
                method: 'POST',
                form: this.client.request.sign({
-                  _csrftoken: this.client.state.cookieCsrfToken,
                   guid: this.client.state.uuid,
                   device_id: this.client.state.deviceId,
                   is_relogin: true,
@@ -136,7 +135,6 @@ class AccountRepository extends Repository {
         method: 'POST',
         url: '/api/v1/accounts/logout/',
         form: this.client.request.sign({
-          _csrftoken: this.client.state.cookieCsrfToken,
           _uuid: this.client.state.uuid,
         }),
       });
@@ -167,7 +165,6 @@ class AccountRepository extends Repository {
         method: 'POST',
         url: '/api/v1/qe/sync/',
         form: this.client.request.sign({
-          _csrftoken: this.client.state.cookieCsrfToken,
           id: this.client.state.uuid,
           server_config_retrieval: '1',
           experiments: this.client.state.constants.LOGIN_EXPERIMENTS,
@@ -244,7 +241,6 @@ class AccountRepository extends Repository {
         url: '/api/v1/accounts/send_recovery_flow_email/',
         method: 'POST',
         form: this.client.request.sign({
-          _csrftoken: this.client.state.cookieCsrfToken,
           adid: '',
           guid: this.client.state.uuid,
           device_id: this.client.state.deviceId,
@@ -265,7 +261,6 @@ class AccountRepository extends Repository {
         url: '/api/v1/accounts/send_recovery_flow_sms/',
         method: 'POST',
         form: this.client.request.sign({
-          _csrftoken: this.client.state.cookieCsrfToken,
           adid: '',
           guid: this.client.state.uuid,
           device_id: this.client.state.deviceId,

package/dist/repositories/close-friends.repository.js

@@ -16,7 +16,6 @@ class CloseFriendsRepository extends Repository {
       form: this.client.request.sign({
         add: JSON.stringify(addUserIds),
         remove: JSON.stringify(removeUserIds),
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),

package/dist/repositories/collection.repository.js

@@ -30,7 +30,6 @@ class CollectionRepository extends Repository {
       form: this.client.request.sign({
         name,
         added_media_ids: JSON.stringify(mediaIds),
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -46,7 +45,6 @@ class CollectionRepository extends Repository {
         name,
         added_media_ids: JSON.stringify(addedMediaIds),
         removed_media_ids: JSON.stringify(removedMediaIds),
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -59,7 +57,6 @@ class CollectionRepository extends Repository {
       url: `/api/v1/collections/${collectionId}/delete/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),

package/dist/repositories/direct-thread.repository.js

@@ -94,7 +94,6 @@ class DirectThreadRepository extends Repository {
       action: 'send_item',
       [recipientsType]: JSON.stringify(recipientsIds),
       client_context: mutationToken,
-      _csrftoken: this.client.state.cookieCsrfToken,
       device_id: this.client.state.deviceId,
       mutation_token: mutationToken,
       _uuid: this.client.state.uuid,
@@ -144,7 +143,6 @@ class DirectThreadRepository extends Repository {
       client_context: clientContext,
       mutation_token: mutationToken,
       offline_threading_id: clientContext,
-      _csrftoken: this.client.state.cookieCsrfToken,
       device_id: this.client.state.deviceId,
       _uuid: this.client.state.uuid,
     };
@@ -210,7 +208,6 @@ class DirectThreadRepository extends Repository {
         url: `/api/v1/direct_v2/threads/${threadId}/items/${threadItemId}/seen/`,
         method: 'POST',
         form: {
-          _csrftoken: this.client.state.cookieCsrfToken,
           _uuid: this.client.state.uuid,
           use_unified_inbox: true,
           action: 'mark_seen',
@@ -230,7 +227,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/items/${itemId}/delete/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -244,7 +240,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/approve/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -258,7 +253,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/decline/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -272,7 +266,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/mute/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -286,7 +279,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/unmute/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -301,7 +293,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/add_user/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, user_ids: JSON.stringify(userIds), _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -315,7 +306,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/leave/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid },
       });
       return response.body || response.data || response;
     });
@@ -329,7 +319,6 @@ class DirectThreadRepository extends Repository {
       const response = await this.client.request.send({
         url: `/api/v1/direct_v2/threads/${threadId}/update_title/`,
         method: 'POST',
-        form: { _csrftoken: this.client.state.cookieCsrfToken, _uuid: this.client.state.uuid, title },
       });
       return response.body || response.data || response;
     });

package/dist/repositories/direct.repository.js

@@ -114,7 +114,6 @@ class DirectRepository extends Repository {
         method: 'POST',
         url: '/api/v1/direct_v2/create_group_thread/',
         form: this.client.request.sign({
-          _csrftoken: this.client.state.cookieCsrfToken,
           _uuid: this.client.state.uuid,
           _uid: this.client.state.cookieUserId,
           recipient_users: JSON.stringify(recipientUsers),

package/dist/repositories/feed.repository.js

@@ -220,7 +220,6 @@ class FeedRepository extends Repository {
         caption: caption || '',
         client_sidecar_id: Date.now(),
         children_metadata: uploadIds,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),

package/dist/repositories/friendship.repository.js

@@ -6,7 +6,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/create/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -21,7 +20,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/destroy/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -45,7 +43,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: '/api/v1/friendships/show_many/',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         user_ids: userIds.join(','),
       }),
@@ -59,7 +56,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/approve/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -74,7 +70,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/ignore/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -89,7 +84,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/remove_follower/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -104,7 +98,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/block/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -119,7 +112,6 @@ class FriendshipRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/unblock/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -131,7 +123,6 @@ class FriendshipRepository extends Repository {
 
   async mute(userId, options = {}) {
     const form = {
-      _csrftoken: this.client.state.cookieCsrfToken,
       _uid: this.client.state.cookieUserId,
       _uuid: this.client.state.uuid,
       user_id: userId,
@@ -155,7 +146,6 @@ class FriendshipRepository extends Repository {
 
   async unmute(userId, options = {}) {
     const form = {
-      _csrftoken: this.client.state.cookieCsrfToken,
       _uid: this.client.state.cookieUserId,
       _uuid: this.client.state.uuid,
       user_id: userId,

package/dist/repositories/hashtag.repository.js

@@ -56,7 +56,6 @@ class HashtagRepository extends Repository {
       method: 'POST',
       url: `/api/v1/tags/follow/${hashtag}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -70,7 +69,6 @@ class HashtagRepository extends Repository {
       method: 'POST',
       url: `/api/v1/tags/unfollow/${hashtag}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),

package/dist/repositories/highlights.repository.js

@@ -24,7 +24,6 @@ class HighlightsRepository extends Repository {
 
   async create(title, storyIds, coverMediaId = null) {
     const form = {
-      _csrftoken: this.client.state.cookieCsrfToken,
       _uuid: this.client.state.uuid,
       title: title,
       media_ids: JSON.stringify(storyIds),
@@ -46,7 +45,6 @@ class HighlightsRepository extends Repository {
 
   async edit(highlightId, title, storyIds, coverMediaId = null) {
     const form = {
-      _csrftoken: this.client.state.cookieCsrfToken,
       _uuid: this.client.state.uuid,
       title: title,
       added_media_ids: JSON.stringify(storyIds),
@@ -71,7 +69,6 @@ class HighlightsRepository extends Repository {
       method: 'POST',
       url: `/api/v1/highlights/${highlightId}/delete_reel/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
       }),
     });
@@ -84,7 +81,6 @@ class HighlightsRepository extends Repository {
       method: 'POST',
       url: `/api/v1/highlights/${highlightId}/add_highlight/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         added_media_ids: JSON.stringify(storyIds),
         source: 'story_viewer',
@@ -99,7 +95,6 @@ class HighlightsRepository extends Repository {
       method: 'POST',
       url: `/api/v1/highlights/${highlightId}/remove_highlight/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         removed_media_ids: JSON.stringify(storyIds),
       }),
@@ -113,7 +108,6 @@ class HighlightsRepository extends Repository {
       method: 'POST',
       url: `/api/v1/highlights/${highlightId}/edit_reel/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         cover_media_id: coverMediaId,
         source: 'story_viewer',

package/dist/repositories/media.repository.js

@@ -8,7 +8,6 @@ class MediaRepository extends Repository {
       form: this.client.request.sign({
         igtv_feed_preview: false,
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -23,7 +22,6 @@ class MediaRepository extends Repository {
       method: 'POST',
       form: this.client.request.sign({
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         radio_type: this.client.state.radioType,
@@ -40,7 +38,6 @@ class MediaRepository extends Repository {
       method: 'POST',
       form: this.client.request.sign({
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         radio_type: this.client.state.radioType,
@@ -58,7 +55,6 @@ class MediaRepository extends Repository {
       form: this.client.request.sign({
         media_id: mediaId,
         comment_text: commentText,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         radio_type: this.client.state.radioType,
@@ -74,7 +70,6 @@ class MediaRepository extends Repository {
       url: `/api/v1/media/${mediaId}/comment/${commentId}/delete/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -93,7 +88,6 @@ class MediaRepository extends Repository {
       form: this.client.request.sign({
         igtv_feed_preview: false,
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -109,7 +103,6 @@ class MediaRepository extends Repository {
       form: this.client.request.sign({
         igtv_feed_preview: false,
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         caption_text: captionText,
@@ -127,7 +120,6 @@ class MediaRepository extends Repository {
         reels: JSON.stringify(reels),
         live_vods: JSON.stringify([]),
         nf_token: '',
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         container_module: 'feed_short_url',
@@ -168,7 +160,6 @@ class MediaRepository extends Repository {
         media_id: mediaId,
         comment_text: replyText,
         replied_to_comment_id: commentId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         radio_type: this.client.state.radioType,
@@ -182,7 +173,6 @@ class MediaRepository extends Repository {
       url: `/api/v1/media/${mediaId}/comment/${commentId}/comment_like/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -195,7 +185,6 @@ class MediaRepository extends Repository {
       url: `/api/v1/media/${mediaId}/comment/${commentId}/comment_unlike/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -209,7 +198,6 @@ class MediaRepository extends Repository {
       method: 'POST',
       form: this.client.request.sign({
         comment_ids_to_delete: commentIds.join(','),
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -219,7 +207,6 @@ class MediaRepository extends Repository {
 
   async save(mediaId, collectionId = null) {
     const form = {
-      _csrftoken: this.client.state.cookieCsrfToken,
       _uid: this.client.state.cookieUserId,
       _uuid: this.client.state.uuid,
     };
@@ -237,7 +224,6 @@ class MediaRepository extends Repository {
       url: `/api/v1/media/${mediaId}/unsave/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -251,7 +237,6 @@ class MediaRepository extends Repository {
       method: 'POST',
       form: this.client.request.sign({
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -265,7 +250,6 @@ class MediaRepository extends Repository {
       method: 'POST',
       form: this.client.request.sign({
         media_id: mediaId,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -278,7 +262,6 @@ class MediaRepository extends Repository {
       url: `/api/v1/media/${mediaId}/disable_comments/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),
@@ -291,7 +274,6 @@ class MediaRepository extends Repository {
       url: `/api/v1/media/${mediaId}/enable_comments/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),

package/dist/repositories/news.repository.js

@@ -25,7 +25,6 @@ class NewsRepository extends Repository {
       url: '/api/v1/news/inbox_seen/',
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
       }),
     });

package/dist/repositories/story.repository.js

@@ -9,7 +9,6 @@ class StoryRepository extends Repository {
       url: `/api/v1/media/${storyId}/story_react/`,
       method: 'POST',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         reaction_type: 'like',

package/dist/repositories/upload.repository.js

@@ -103,7 +103,6 @@ class UploadRepository extends Repository {
       upload_id: options.uploadId,
       source_type: options.source_type || '4',
       camera_position: options.camera_position || 'back',
-      _csrftoken: this.client.state.cookieCsrfToken,
       _uid: this.client.state.cookieUserId,
       _uuid: this.client.state.uuid,
       creation_logger_session_id: this.chance.guid(),

package/dist/repositories/user.repository.js

@@ -37,7 +37,6 @@ class UserRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/create/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -52,7 +51,6 @@ class UserRepository extends Repository {
       method: 'POST',
       url: `/api/v1/friendships/destroy/${userId}/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         user_id: userId,
@@ -95,7 +93,6 @@ class UserRepository extends Repository {
       url: '/api/v1/friendships/show_many/',
       form: this.client.request.sign({
         user_ids: userIds.join(','),
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
       }),
     });
@@ -126,7 +123,6 @@ class UserRepository extends Repository {
       method: 'POST',
       url: '/api/v1/accounts/set_biography/',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
         raw_text: biography,
@@ -141,7 +137,6 @@ class UserRepository extends Repository {
       url: `/api/v1/users/${userId}/flag_user/`,
       form: this.client.request.sign({
         reason_id: reason,
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uid: this.client.state.cookieUserId,
         _uuid: this.client.state.uuid,
       }),

package/dist/services/live.service.js

@@ -12,7 +12,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: '/api/v1/live/create/',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         preview_width: previewWidth,
         preview_height: previewHeight,
@@ -28,7 +27,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/start/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         should_send_notifications: shouldSendNotifications ? '1' : '0',
       }),
@@ -42,7 +40,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/end_broadcast/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         end_after_copyright_warning: endAfterCopyrightWarning ? '1' : '0',
       }),
@@ -74,7 +71,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/comment/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         user_breadcrumb: this.client.request.userBreadcrumb(message.length),
         idempotence_token: Date.now(),
@@ -92,7 +88,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/like/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         user_like_count: likeCount,
       }),
@@ -106,7 +101,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/heartbeat_and_get_viewer_count/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         offset_to_video_start: '0',
       }),
@@ -120,7 +114,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/mute_comment/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         user_id: userId,
       }),
@@ -134,7 +127,6 @@ class LiveService extends Repository {
       method: 'POST',
       url: `/api/v1/live/${broadcastId}/unmute_comment/`,
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
         user_id: userId,
       }),

package/dist/services/search.service.js

@@ -86,7 +86,6 @@ class SearchService extends Repository {
       method: 'POST',
       url: '/api/v1/fbsearch/clear_search_history/',
       form: this.client.request.sign({
-        _csrftoken: this.client.state.cookieCsrfToken,
         _uuid: this.client.state.uuid,
       }),
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-insta-private-api-mqtt",
-  "version": "1.3.64",
+  "version": "1.3.65",
   "description": "Complete Instagram MQTT protocol with FULL iOS + Android support. 33 device presets (21 iOS + 12 Android). iPhone 16/15/14/13/12, iPad Pro, Samsung, Pixel, Huawei. Real-time DM messaging, view-once media extraction, sub-500ms latency.",
   "main": "dist/index.js",
   "scripts": {