"We've updated our Platform Policy to explicitly list the use cases we will support moving forward," the company said on its developer site.
Instagram stresses that its new policy will continue to allow users to share their own content with third-party apps. The use cases detailed by the company include apps that lets users print photos and import an Instagram photo as a profile picture. However, any apps that request access to the entire Instagram feed will no longer be allowed. Instagram will begin reviewing new and existing apps before granting full API access starting December 3, and new application will not be granted access till that date. The existing apps have until June 1 2016 to comply with Instagram's new policies and be approved.
"We've heard from the community that it can be unclear where their content is being shared and viewed, so today we are deprecating the /users/self/feed and /media/popular API endpoints for new apps. Existing apps will have until the end of the review period before access to the endpoints is terminated," added the company.
The new API will "help brands and advertisers understand and manage their audience", according to the company.
The company also claims that the new API policy changes will help broadcasters and publishers discover content as well as get digital rights to media, and share media using web embeds.
The company confirmed plans to launch Sandbox Mode, which will allow developers privately build and test their apps using Instagram's APIs as the app is being reviewed.
To recall, Instagram passed the 400 million user mark in September and had also claimed that it had over 80 million pictures shared daily.
The API policy change from Instagram comes just days after a third-party app named InstaAgent was found to 'harvest' user names and passwords and send them to an unknown server. The app that came with full name "Who Viewed Your Profile - InstaAgent" was available to download both via Google Play and App Store (now pulled down), and was able to send user credentials to a remote server via clear text.