Skip to main content
Instagram uses checkpoint challenges to protect accounts from automated access and suspicious activity. When a checkpoint is triggered during login, JxInsta throws InstagramException with reason CHECKPOINT_REQUIRED. There are three distinct checkpoint types, each with a different cause and resolution. Understanding which checkpoint you have hit — and why — is necessary to recover the account and prevent the same issue from recurring.

Catching a checkpoint

Before diving into the individual checkpoint types, here is how to detect a CHECKPOINT_REQUIRED error in your code:
Catch CHECKPOINT_REQUIRED
import com.jxinsta.mobile.JxInsta; // or com.jxinsta.web.JxInsta
import com.jxinsta.mobile.InstagramException;
import java.io.IOException;

try {
    JxInsta insta = new JxInsta("your_username", "your_password");
} catch (InstagramException e) {
    if (e.getReason() == InstagramException.Reasons.CHECKPOINT_REQUIRED) {
        System.err.println("Instagram requires a checkpoint. Check the account in a browser.");
    } else {
        throw e;
    }
} catch (IOException e) {
    System.err.println("Network error: " + e.getMessage());
}
Do not repeatedly retry login after a CHECKPOINT_REQUIRED error without resolving the checkpoint first. Additional attempts can deepen the restriction or cause a SENTRY_BLOCK.

Checkpoint types

Each checkpoint type has a distinct message shown in the Instagram app or browser, and requires a different resolution.
Message: “Suspicious Login Attempt”Cause: Instagram detected too many login attempts in a short period of time. This checkpoint is triggered when you send more than approximately 3 login requests within a 2-minute window from the same account.Resolution:
  • Stop all login attempts immediately.
  • Wait at least 10 minutes before trying again.
  • Keep your request rate below 3 logins per 2-minute window.
Retry with enforced delay
import com.jxinsta.mobile.JxInsta;
import com.jxinsta.mobile.InstagramException;

int maxAttempts = 3;
long delayMs = 10 * 60 * 1000L; // 10 minutes in milliseconds

for (int attempt = 1; attempt <= maxAttempts; attempt++) {
    try {
        JxInsta insta = new JxInsta("your_username", "your_password");
        System.out.println("Login successful on attempt " + attempt);
        break;
    } catch (InstagramException e) {
        if (e.getReason() == InstagramException.Reasons.CHECKPOINT_REQUIRED) {
            System.err.println("Checkpoint hit. Waiting 10 minutes before retry.");
            Thread.sleep(delayMs);
        } else {
            throw e;
        }
    }
}
Use session caching to avoid repeated logins altogether. If a valid cached token exists, no login request is made.
Message: “We Detected An Unusual Login Attempt”Cause: Instagram detected a login from an unrecognised device or IP address. This typically happens when you change the device ID, UUID, or user-agent string between login attempts for the same account, or when the IP address changes between retries.Resolution:
  • Open Instagram in a browser or the official app while logged in as the affected account.
  • Navigate to the security notification and click “This was me” to confirm the login.
  • Do not change the device ID, UUID, or user-agent between retries. Keep these values consistent for each account across all login attempts.
Changing connection headers or device identifiers between retries makes Instagram treat each attempt as a new, unknown device. This compounds the problem and makes the checkpoint harder to clear.
Message: “We suspected automation behaviour”Cause: Instagram detected a pattern consistent with bot activity, typically because requests were made too rapidly. This checkpoint is triggered by sending API requests in quick succession without adequate delays between them.Resolution:
  • Add a minimum delay of 5 seconds between consecutive API requests.
  • Avoid burst patterns such as looping requests without any sleep.
Add delay between requests
import com.jxinsta.mobile.JxInsta;

JxInsta insta = new JxInsta("your_username", "your_password");

String[] userIds = { "111111111", "222222222", "333333333" };

for (String userId : userIds) {
    // perform your request here
    System.out.println("Processing user: " + userId);

    // enforce minimum 5-second gap between requests
    Thread.sleep(5000);
}
Use randomised delays (for example, between 5 and 15 seconds) rather than a fixed interval. Perfectly uniform timing can itself look like automation.

General recommendations

These practices reduce the likelihood of hitting any checkpoint:
  • Cache sessions. Use JxInsta.getInstance(...) with a saved token or session instead of logging in on every run. See session caching.
  • Use consistent headers. Do not alter device identifiers, user-agent strings, UUIDs, or IPs between login retries for the same account.
  • Respect rate limits. Keep login attempts below 3 per 2-minute window and add at least 5 seconds between general API requests.
  • Do not rush retries. After a checkpoint, wait the full required period before attempting again. Impatience typically worsens the restriction.