Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Application key - shareable?

Solved!
Go to solution

Application key - shareable?

Avatar of catharsis
Regular
2013-04-08 02:40 PM

Hi,

 

Is the developer application key (for libspotify) supposed to be private? I.e., am I supposed to not share my key with anyone else?

 

If so, how are others supposed to use my application? If not, how does Spotify prevent misuse of my app key?

0 Likes
Reply

Accepted Solutions
Marked as solution

Avatar of Peter__
Community Legend
2013-04-08 04:39 PM

I don't work for Spotify so I don't have any additional information I can give you, however from reading the terms I would guess that the key needs to be stored in the program code rather than being read in from a human readable file or something like that. It also means that you can't open-source your application since the key would then be public. 

 

I am unsure if gdb would allow you to view the key if it was stored in the code and then distributed as a compiled executable?

 

Peter

Peter
Spotify Community Mentor and Troubleshooter

Spotify Last.FM Twitter LinkedIn Meet Peter Rock Star Jam 2014


If this post was helpful, please add kudos below!

View solution in original post

0 Likes
Marked as solution

Avatar of Peter__
Community Legend
2013-04-08 04:55 PM

Yeah, I know what you mean I am considering starting a little raspberry pi summer project this year! 

There are some places you can get support here.

 

Peter

Peter
Spotify Community Mentor and Troubleshooter

Spotify Last.FM Twitter LinkedIn Meet Peter Rock Star Jam 2014


If this post was helpful, please add kudos below!

View solution in original post

0 Likes
5 Replies

Avatar of Peter__
Community Legend
2013-04-08 03:35 PM

Hey 🙂 

 

Usage of Application Keys is covered in part 2 of the libspotify terms of usage

 

Peter

Peter
Spotify Community Mentor and Troubleshooter

Spotify Last.FM Twitter LinkedIn Meet Peter Rock Star Jam 2014


If this post was helpful, please add kudos below!

0 Likes

Avatar of catharsis
Regular
2013-04-08 03:52 PM

Hi Peter,

 

thanks for the quick reply! That answers my question. However, I'm still a bit uncertain as to what Spotify determines a "secure manner" of embedding the application key. As far as I can tell, libspotify doesn't accept an encrypted key. In other words (unless I'm wrong and the encryption part has simply been left out of the docs) it has to be embedded as-is. Of course, this would make it pretty easy for a third party to gain access to the key using, for example, gdb.

 

Does Spotify offer any recommendations on this? Any idea how other libspotify apps deal with this?

 

Thanks in advance,

Anton

0 Likes
Marked as solution

Avatar of Peter__
Community Legend
2013-04-08 04:39 PM

I don't work for Spotify so I don't have any additional information I can give you, however from reading the terms I would guess that the key needs to be stored in the program code rather than being read in from a human readable file or something like that. It also means that you can't open-source your application since the key would then be public. 

 

I am unsure if gdb would allow you to view the key if it was stored in the code and then distributed as a compiled executable?

 

Peter

Peter
Spotify Community Mentor and Troubleshooter

Spotify Last.FM Twitter LinkedIn Meet Peter Rock Star Jam 2014


If this post was helpful, please add kudos below!

0 Likes

Avatar of catharsis
Regular
2013-04-08 04:53 PM

I see, would you know of a better place where I might ask  this question instead? I'm very excited about the libspotify project, and applaude Spotify for the effort. However, I don't want to risk any liabilities by allowing others to use my application. I suppose a work-around would be to require all users to have their own app key, but the way I've understood it, that kind of defeats the purpose of the appkey (or at least one of them - the traceability).

 

To answer your question: yes, gdb (and any other debugger worth its salt) absolutely lets you see the key, as well as any other data. In the simple case (where you know the symbol name) it's as easy as:

gdb ./my-libspotify-app

(gdb) print /x g_appkey

< KEY HERE >

 

Thank you for your help, much appreciated!

 

Anton

 

0 Likes
Marked as solution

Avatar of Peter__
Community Legend
2013-04-08 04:55 PM

Yeah, I know what you mean I am considering starting a little raspberry pi summer project this year! 

There are some places you can get support here.

 

Peter

Peter
Spotify Community Mentor and Troubleshooter

Spotify Last.FM Twitter LinkedIn Meet Peter Rock Star Jam 2014


If this post was helpful, please add kudos below!

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 3 years ago in Social & Random
Read more