Spotify Community

1. Spotify API Usage

• Available API Endpoints for Fetching Song Metadata and User Selection: The Spotify Web API offers a wide range of functionality for retrieving metadata. This includes the ability to:
  • Retrieve data for artists, albums, tracks, and shows. For example, you can use endpoints like "Get Track".
  • Search for Spotify content. The "Search for Item" endpoint allows you to query for tracks, artists, albums, playlists, shows, episodes, and audiobooks.
  • Manage a user's library, including getting saved tracks, albums, and shows.
  • Retrieve playlist details and items.
• Limitations on the Number of API Requests (Rate Limits/Quotas): Spotify implements quotas and restrictions to ensure the platform is accessed and used as intended.
  • Newly created apps start in development mode, which allows up to 25 authenticated Spotify users. Each user needs to be added to your app's allowlist. API requests with an access token from a non-allowlisted user will receive a 403 error.
  • For a wider audience, you need to request to move to extended quota mode. This requires Spotify's app review team to evaluate your app for compliance with the Developer Policy. Apps in extended quota mode can be installed by an unlimited number of users and have higher rate limits.
  • If your app reaches a quota limit, you can apply for a quota extension, specifying the use case. Spotify's review process for quota extensions can take around six weeks. There's no guarantee that your request will be approved.
  • It's crucial to avoid making excessive or redundant requests and try to bundle multiple actions into a single request whenever possible. Implementing intelligent caching can also reduce reliance on frequent API calls. You should monitor your usage and handle rate limit responses appropriately.

2. Playback and Streaming

• Official Ways to Stream Selected Songs Within a Third-Party App: Spotify offers a few ways to integrate playback, each with its own characteristics and limitations:
  • Web Playback SDK: This client-side JavaScript library allows you to create a Spotify Connect device in a browser and stream audio tracks from Spotify within your website. It requires a Spotify Premium subscription (excluding mobile-only Premium plans). The SDK provides methods to control playback and get metadata. This SDK must not be used in commercial projects without Spotify's prior written approval.
  • Spotify Android SDK and iOS SDK: These SDKs allow your native mobile applications to interact with the background Spotify app. They support getting metadata, issuing basic playback commands, and initiating playback. Playback is always in sync with the main Spotify app. To use these SDKs, your app needs the user's permission to control playback remotely.
  • Embeds: Spotify provides tools to create embeddable players for podcasts, albums, and other audio content on websites. These are interactive, allowing users to listen, learn about the creator, or follow the artist/show.
• Restrictions on Embedding a Spotify Player Within the App:
  • The Web Playback SDK is specifically designed for embedding a player within a website application. Its use in native mobile apps might not be the intended or supported scenario. Furthermore, commercial use requires prior written approval from Spotify.
  • The Android and iOS SDKs control playback within the official Spotify application running on the user's device, rather than embedding a separate player within your app.
  • If you are using Embeds, these are for websites.

3. User Authentication and Permissions

• Authentication Methods: To access the Spotify API, you need to implement authorization to obtain an access token. The sources mention different authorization flows:
  • The Authorization Library is part of the Android SDK and is responsible for authorizing your app and fetching the access token. The authorization guide explains the available methods for Android apps. The iOS SDK also has built-in support for user authentication.
  • For the Web API, you'll need to use one of the OAuth 2.0 flows, such as Authorization Code Flow or Authorization Code Flow with PKCE.
• Specific Scopes for Searching and Selecting Songs: Your application will use OAuth permission scopes to request access to specific user data and functionalities. When users authorize your app, they will see the requested permissions. For searching and selecting songs, relevant scopes likely include those allowing you to:
  • Access public content.
  • Potentially access a user's library to see their saved tracks or playlists (depending on your desired functionality).
  • Control playback if you intend to initiate playback through the SDKs.
  • You should only request the scopes your app actually needs. Requesting too many or unnecessary scopes can make users suspicious. You can find information about the data provided by each scope in Spotify's reference documentation.

4. Licensing and Compliance

• Licensing Restrictions on Using Spotify Content in a Non-Spotify Application: Yes, there are significant licensing restrictions:
  • Spotify's platform is for personal, non-commercial use only. Building software for restaurants, shops, bars, or other retail locations is prohibited.
  • Commercial uses are generally not permitted for Streaming SDAs. This includes selling the streaming SDA, in-app monetization within the streaming SDA, or selling advertising on the streaming SDA.
  • The Web Playback SDK must not be used in commercial projects without Spotify's prior written approval.
  • If you display any Spotify Content (metadata, cover art), you must clearly attribute it as being supplied by Spotify, using the Spotify Marks according to the Branding Guidelines. Metadata and cover art must also link back to the applicable content on the Spotify Service. You cannot offer metadata, cover art, or Audio Preview Clips as a standalone service or product.
  • You cannot store, aggregate, or create compilations or databases of Spotify Content (other than strictly necessary to operate your SDA) and should ensure displayed data is up-to-date. You cannot locally cache Spotify Content except for temporary caching of metadata and cover art to enhance performance, or Conditional Downloads of sound recordings which are only for Premium subscribers.
  • Using Spotify Content to train machine learning or AI models is prohibited.
  • You must comply with the Developer Terms, Developer Policy, and Branding Guidelines.
• Guidelines for Ensuring Compliance:
  • Familiarize yourself thoroughly with the Developer Terms, Developer Policy, Design & Branding Guidelines, and Widget Terms of Use (if applicable).
  • Ensure you provide a clear privacy policy that describes how you access, use, process, and disclose user data.
  • Provide users with an easily accessible mechanism to disconnect their Spotify account from your app and clear instructions on how to do so. When a user disconnects, you must delete their Spotify Personal Data.
  • Do not mislead users about your app's affiliation with Spotify.
  • Respect intellectual property rights. Do not perform actions like "stream ripping".
  • Adhere to the Naming and Branding Guidelines when naming your application and using the Spotify logo or brand elements.
  • If you use the Web Playback SDK, ensure you have Spotify's prior written approval for commercial use.
  • Regularly review the latest versions of Spotify's terms and policies as they may be updated.
  • Test accessibility of your application manually, as automated tests won't catch all issues. Consider the "Who might this experience exclude?" question in your design decisions. Make it easy to toggle accessibility controls during development.

5. Monetization Restrictions

• Yes, there are restrictions on using Spotify content within monetized features:
  • As mentioned earlier, commercialization of Streaming SDAs is generally not allowed. Charging users for a streaming app or including advertising within it is typically prohibited.
  • For Non-Streaming SDAs (apps that don't play music), limited commercial uses are permitted, such as selling the app or access to it, or including advertising. Examples include playlist manager apps or podcast notification apps.
  • Selling merchandise featuring artwork or metadata obtained from Spotify's developer tools is not allowed.
  • If your app uses the Web Playback SDK for Spotify Premium users and you have a premium subscription model in your app, this could be considered commercial use requiring explicit approval from Spotify.

It's crucial to carefully review the Spotify Developer Terms, Developer Policy, and Design & Branding Guidelines for the most up-to-date and detailed information. You should also consider submitting a request for clarification or approval to Spotify through the appropriate channels if your intended use case involves commercial aspects or falls outside the explicitly permitted uses. I also recommend to read the Compliance Tips for a more concise summary.

I hope this answers your question. If you have further questions, feel free to ask.