Increasing security requirements for integration with Spotify Web API


Hey all, we’re making some changes to the Spotify Web API. To improve security, we are planning to remove support for two ways of integrating with Spotify that have been replaced with more secure alternatives.

 

Please check the Spotify for Developers blog for further information.
11 Replies

Is the intent of this to block folks from using Car thing hardware for the DeskThing project?

I got this notification and the only 2 things I'm aware of currently that are active are Spoticord (Discord Bot) and Lumia Stream integration for Spotify. I will get rid of both of them if I have to; I'm just wanting to know which it is.

@ThePodfather

This change is not currently working as intended, I believe. When I change the loopback URI to something using 127.0.0.1 instead of localhost, it gets automatically translated to "localhost" in the developer dashboard after refreshing the page.

 

For example:

If I edit the settings in the developer dashboard, enter http://127.0.0.1:8888/callback, save and refresh the page, it says http://localhost:8888/callback

 

Edit:

Hi @brtmax that's weird. I'm going to look if it also happens to me.

Update: it happens to me as well, but if I go to another page and go back, the changes are there.

Ximzend (Spotify Star)
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.

Thanks for the heads up.

Just wondering, the wording regarding PKCE and Authorization Code is a bit ambiguously formulated. I hope you guys will be able to clear up any doubt regarding that:

 

You write the following in the 'What's next' section: "If you are using a public client (one which cannot securely store a secret), you will be expected to use the PKCE extension. Confidential clients (ones which can store a secret) must use it.".

 

I'm a bit puzzled if the 'must use it' in regards to confidential clients refers back to the PKCE extension or the Authorization Code Flow as a whole. I would expect there to be no changes in terms of the existing Authorization Code flow, and that this is not being deprecated for the Authorization Code PKCE flow. 
 
Could you please confirm that this is indeed correctly understood? And if so, please consider updating the blog posts, as it is a bit ambiguous.
 
Thanks again.

"As Spotify increases security requirements for Web API integration, will this impact third-party apps like FlixFox? It’s crucial for developers to stay updated and ensure compliance. Can we get clarity on the specific changes affecting existing integrations?"

I asked this question to support first, they referred me to reply to this thread.

I am making an app to scan Spotify codes and play them without seeing the song (I will probably add a feature to show the attribution afterward to comply with those terms).
It's not a game in itself, but, we intend to use this for trivia quizzes with friends.
Today I read the developer terms, and I came across this line: "2. Do not create a game, including trivia quizzes."
You can check it here for reference: https://developer.spotify.com/policy
I'm mostly wondering about this policy term.
I see in the community I'm not the only one.
In fact, I've played a game doing this exact thing called Hitster.
This community post also references that: https://community.spotify.com/t5/Spotify-for-Developers/The-quiz-game-maybe-it-s-time-to-answer/m-p/...
What is your current stance on this policy?

This article was created in 2023 and hasn't had an official reply from Spotify yet.
I found some other community posts about this too, no reply from Spotify.

Please let me know what the current stance is on this policy, and what we can do about removing it.
Edit:
Similar to @Richardschreurs's reply, if there is a way to get exemption from policy by means of contract or partnership, please be transparent about this and tell us.
And perhaps if true, explain how to apply.


So no reply from Spotify. I really want to be a partner of Spotify, like Hitster is. How can I arrange such a thing? Anybody managed to do this?

This stuff pisses me off when I like an artist but they have 3 albums AND 8 FING THOUSAND SINGLES. PLEASE MAKE AN OPTION ON THEIR ARTIST PAGE TO ADD ALL SONGS THEY MADE/FT IN. I DON'T LIKE SPENDING 30 MINS JUST TO ADD ALL THEIR WORK WITH A SIDE OF CARPAL TUNNEL SYNDROME. IF THERE'S A SONG I DON'T LIKE I'LL JUST UN ADD IT.

I am not sure whether this is a result of the API changes or not, but the 400+ episodes embedded on our website www.irishtalkers.com using the previous iFrame code no longer work. Instead, the embed code has been completely changed and I see no way of accessing that code until the podcast has been published. Is there any way of getting this code from inside the editing pages for the podcast?

Hello, great to talk to all of you. I know it's a rude question to ask, but is your webplaybackSDK working at the moment? I've got the tokens to access tracks but I can't for the life of me get the damn thing to play a track with a wrapper or any method I try, and I'm about to give up. All I get is the PUT 400 bad request at the moment. Would appreciate any advice I can get at this point.