1. I'm really curious as to what's the desired outcome here? A spambot to flood people's notifications?
2. I'll admit that I have absolutely no idea how Instagram's API layer (and protection) works but wouldn't capturing the HTTP calls a more appropriate and easier approach to take?
I know agencies get paid to manage other business's instagram accounts, and want ways to post/comment/engage/etc with multiple business's accounts at once. You'd still have a human driving/scheduling/approving the activity, but you wouldn't have to jump between so many hoops to do so.
2. Leveraging their private APIs will get you banned even quicker than OPs method.
Anything not from their vanilla app, the littlest dot on their charts will trigger severe alarms and actions.
Big correlation systems. The safest path used to be to automate the app itself, through mobile automation, but they even got too sensitive to that.
I don't doubt the whole app has a behavioural analysis component, full screen size, much like a big "I am not a robot" checkbox.
Also, it's very likely their private APIs are CSRF-protected or similar.