
To understand the issue that we are going to have with Facebook/Instagram posts, you must first understand a little about APIs (Application Programming Interfaces).

APIs are the ‘agreement’ between our websites and other types of software on how to exchange information using set standards. This allows our websites to interact with other software and use all the hard work provided by the developers that made it in a way they’ve already designed.

One of the more convenient APIs is oEmbed, a format for allowing an embedded representation of a URL on a third-party website. This lets a website display embedded content (such as photos or videos) using just a simple URL link to that resource.

In short, it’s how we have been able to show Facebook/Instagram content on our WordPress websites.

What is Going to Happen

APIs, like the software they connect with, change periodically.

Keeping up with these changes is often very easy and doesn’t require any actual changes to our websites to maintain compatibility.

That said, now and then, software/platform developers make radical changes to their code that then necessitate changes in how the API will work. Other times, as is the case with Facebook/Instagram, they change the way the API itself works and/or create restrictions on who and how the API can connect with other platforms.

As part of an upcoming API change, Facebook and Instagram will be dropping “unauthenticated” oEmbed support on October 24, which will break any content that is not embedded using an ‘authenticated’ piece of code. The change will force users to generate an app ID from a developer account in order to create and use embedded links via the oEmbed API.

From Facebook

Changes to tokenless access for User Picture and FB/IG OEmbed endpoints: By October 24, 2020, developers must leverage a user, app, or client token when querying Graph API for user profile pictures via UID, FB OEmbeds and IG OEmbeds. Developers should provide a user or app token when querying for profile pictures via a UID or ASID, though client tokens are supported as well. Please visit our changelog for User Picture, Facebook OEmbed and Instagram OEmbed for details on how to start calling these Graph API endpoints today.

Facebook for Developers blog

WordPress’s Response

In response to Facebook’s API change, WordPress will be removing Facebook as an oEmbed provider in an upcoming core release. This will break a lot of content – many years’ worth of posts in some instances.

As a result, any of our websites that have Facebook/Instagram content embedded via the unauthenticated oEmbed API will no longer show the content, and will instead revert to just the URL/code.
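One way to find the posts that will lose their embeds, as an added example (not code from this article or from WordPress): it scans post bodies for Facebook/Instagram URLs that sit alone on a line or inside the `[embed]` shortcode, the two forms WordPress turns into oEmbed content. The host list, function names and sample posts are assumptions made for the illustration, and it assumes post content has been exported into a mapping of post ID to body text.

```python
import re
from urllib.parse import urlparse

# Assumed host list for this example; extend it to match your own content.
AFFECTED_HOSTS = {"facebook.com", "instagram.com", "instagr.am"}

# WordPress turns a URL into an embed when it sits alone on a line
# or is wrapped in the [embed] shortcode.
BARE_URL = re.compile(r"^[ \t]*(https?://\S+)[ \t]*$", re.MULTILINE)
SHORTCODE = re.compile(r"\[embed[^\]]*\](.*?)\[/embed\]", re.IGNORECASE | re.DOTALL)


def is_affected(url):
    """True when the URL's host is Facebook/Instagram or a subdomain of them."""
    host = (urlparse(url.strip()).hostname or "").lower()
    # Exact or dot-boundary match, so facebook.com.example.net is not counted.
    return any(host == h or host.endswith("." + h) for h in AFFECTED_HOSTS)


def find_affected_embeds(post_content):
    """Return Facebook/Instagram URLs in a post body that rely on oEmbed."""
    candidates = BARE_URL.findall(post_content) + SHORTCODE.findall(post_content)
    hits = [c.strip() for c in candidates if is_affected(c)]
    return list(dict.fromkeys(hits))  # de-duplicate, keep first-seen order


def audit(posts):
    """Map post ID -> affected URLs, skipping posts with nothing to fix."""
    found = {pid: find_affected_embeds(body) for pid, body in posts.items()}
    return {pid: urls for pid, urls in found.items() if urls}


# Constructed sample post bodies (not real content).
SAMPLE_POSTS = {
    101: "Our event recap:\n\nhttps://www.facebook.com/example/posts/123\n\nThanks!",
    102: 'Follow us on <a href="https://www.instagram.com/example/">Instagram</a>.',
    103: "[embed]https://www.instagram.com/p/EXAMPLE/[/embed]",
    104: "Unrelated link:\n\nhttps://facebook.com.example.net/posts/1\n",
}

if __name__ == "__main__":
    for post_id, urls in audit(SAMPLE_POSTS).items():
        print(post_id, urls)
```

Post 102 is not reported because an ordinary link is not an embed, and post 104 is skipped because its host only looks like Facebook.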


Moving Forward

The knee-jerk reaction for many would be to create a developer’s account and continue embedding content.


Creating a developer’s account requires using your personal Facebook account – which would tie your personal information to any post that is embedded on a website.

Besides the privacy concerns that could be related to this solution, it also means that if you were to deactivate your developer’s account it would once again break the embeds unless the code was transferred to another individual’s personal development account.


As major players like Facebook and Instagram abandon open web APIs, the web is growing increasingly fragmented. Facebook’s upcoming API change will leave millions of broken embeds in its wake, with little pieces of embedded history lost along the way, in instances where website owners are no longer updating their content.

Therefore, we recommend publishers re-examine how they include social media within their content.

Linking to Facebook/Instagram accounts will not be affected, but embedding content in websites will not be as easy without a plugin option – something that is not yet established within the School of Medicine.