
Proper auth method for a webserver sharing spotify data of only one user

Solved!

Plan: Premium
Country: Ireland
Device: N/A
Operating System: N/A

My Question or Issue

For my personal website I would like to show a list of my recently played tracks on Spotify. This is made available via a REST API endpoint on my server. To authenticate my server with Spotify's API I have defined my application's redirect_uri to `localhost:XXXX/api/spotify/callback`, and manually sign in to my account on launching the server.

This is obviously not an ideal solution. It requires manual intervention every time the server is spun up, and raises some security concerns. Is there a better approach that I missed?

Thanks.

Accepted Solutions
Marked as solution

Hello, welcome to the Spotify Community, it's great to help you!
It's great to see that you're integrating Spotify into your personal website! I understand your concern: manually logging in every time you start is not the most practical or secure approach.
In your case, the best solution would be to use the authorization flow with refresh token.
After the initial authentication (with the user's consent), you receive two tokens: the access token (short-lived) and the refresh token (long-lived).
With the refresh token, your server can request new access tokens automatically, without the need for a new manual login, maintaining access securely and continuously.
{
   "access_token": "NgCXRK...MzYjw",
   "token_type": "Bearer",
   "scope": "user-read-private user-read-email",
   "expires_in": 3600,
   "refresh_token": "NgAagA...Um_SHo"
}
The official Spotify documentation explains the process at this link.
If you want, I can also help you structure a basic example of how to store and use the refresh token on your server!
Keep me updated!

Cheers, ribezaz.

ribezaz, Spotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.
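As an added example (not code from the answer above or from Spotify), here is one way to structure the server side of that refresh step in Python: the refresh token and client secret are loaded from the server's environment or secret store at startup, the token endpoint is called with HTTP Basic client credentials and `grant_type=refresh_token` as Spotify's docs describe, and the resulting access token is cached until shortly before `expires_in` runs out, so no interactive login is needed after the first consent. The HTTP transport is injected, and `FakeTokenEndpoint` is a constructed stand-in so the example runs without network access.

```python
import base64
import time
from typing import Callable, Optional
from urllib.parse import urlencode

TOKEN_URL = "https://accounts.spotify.com/api/token"  # Spotify's token endpoint


class SpotifyTokenManager:
    """Keeps one user's access token valid from a stored long-lived refresh token.
    transport(url, headers, body) does the HTTPS POST and returns parsed JSON; it is
    injected so this runs offline. The refresh token and client secret come from the
    server's environment or secret store, never from source code."""

    def __init__(self, client_id: str, client_secret: str, refresh_token: str,
                 transport: Callable[[str, dict, str], dict],
                 clock: Callable[[], float] = time.time, margin: int = 60):
        self._client_id, self._client_secret = client_id, client_secret
        self._refresh_token, self._transport, self._clock = refresh_token, transport, clock
        self._margin = margin  # refresh this many seconds before the token expires
        self._access_token: Optional[str] = None
        self._expires_at = 0.0

    def _refresh(self) -> None:
        # Client id:secret go in HTTP Basic auth; the body carries grant_type=refresh_token
        creds = base64.b64encode(f"{self._client_id}:{self._client_secret}".encode()).decode()
        headers = {"Authorization": f"Basic {creds}",
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urlencode({"grant_type": "refresh_token", "refresh_token": self._refresh_token})
        resp = self._transport(TOKEN_URL, headers, body)
        self._access_token = resp["access_token"]
        self._expires_at = self._clock() + float(resp["expires_in"])
        if resp.get("refresh_token"):  # Spotify may rotate it; persist the newest one
            self._refresh_token = resp["refresh_token"]

    def access_token(self) -> str:
        """Return a usable access token, refreshing only when it is (nearly) expired."""
        if self._access_token is None or self._clock() >= self._expires_at - self._margin:
            self._refresh()
        return self._access_token


class FakeTokenEndpoint:
    """Constructed stand-in for Spotify's token endpoint so the demo runs offline."""
    def __init__(self) -> None:
        self.calls = 0

    def __call__(self, url: str, headers: dict, body: str) -> dict:
        assert url == TOKEN_URL and headers["Authorization"].startswith("Basic ")
        assert "grant_type=refresh_token" in body
        self.calls += 1
        return {"access_token": f"ACCESS-{self.calls}", "token_type": "Bearer", "expires_in": 3600}
```

In production, replace `FakeTokenEndpoint` with a real HTTPS POST and persist any rotated refresh token back to the secret store; the endpoint that serves your recently played tracks then only ever calls `access_token()`.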

