topic No Client Secret Needed? in Spotify for Developers https://community.spotify.com/t5/Spotify-for-Developers/No-Client-Secret-Needed/m-p/5635173#M10713 <P>I am currently working on a web app using the spotify api. I am accessing the api via&nbsp;spotify-web-api-ts-sdk which can be found here <A href="https://github.com/spotify/spotify-web-api-ts-sdk/" target="_blank" rel="noopener">https://github.com/spotify/spotify-web-api-ts-sdk/</A></P><P><BR />When creating an sdk object, we can use the function&nbsp;<SPAN>withUserAuthorization providing a cliendId, redirectUri scopes and optional config. I have noticed that this does NOT actually ask for a client secret. Which, knowing that the client id can, and IS, public as can be seen here:&nbsp;<A href="https://protect-us.mimecast.com/s/dJ7fC82D4vF6O34VJTnxmbW?domain=community.spotify.com" target="_blank" rel="noopener">https://community.spotify.com/t5/Spotify-for-Developers/Do-i-have-to-keep-the-Client-ID-secret/td-p/5258016</A></SPAN></P><P>&nbsp;</P><P><SPAN>My question is, what keeps non authorized people from connecting to my api app?</SPAN></P> Tue, 12 Sep 2023 19:11:23 GMT ClydeFrog04 2023-09-12T19:11:23Z No Client Secret Needed? https://community.spotify.com/t5/Spotify-for-Developers/No-Client-Secret-Needed/m-p/5635173#M10713 <P>I am currently working on a web app using the spotify api. I am accessing the api via&nbsp;spotify-web-api-ts-sdk which can be found here <A href="https://github.com/spotify/spotify-web-api-ts-sdk/" target="_blank" rel="noopener">https://github.com/spotify/spotify-web-api-ts-sdk/</A></P><P><BR />When creating an sdk object, we can use the function&nbsp;<SPAN>withUserAuthorization providing a cliendId, redirectUri scopes and optional config. I have noticed that this does NOT actually ask for a client secret. Which, knowing that the client id can, and IS, public as can be seen here:&nbsp;<A href="https://protect-us.mimecast.com/s/dJ7fC82D4vF6O34VJTnxmbW?domain=community.spotify.com" target="_blank" rel="noopener">https://community.spotify.com/t5/Spotify-for-Developers/Do-i-have-to-keep-the-Client-ID-secret/td-p/5258016</A></SPAN></P><P>&nbsp;</P><P><SPAN>My question is, what keeps non authorized people from connecting to my api app?</SPAN></P> Tue, 12 Sep 2023 19:11:23 GMT https://community.spotify.com/t5/Spotify-for-Developers/No-Client-Secret-Needed/m-p/5635173#M10713 ClydeFrog04 2023-09-12T19:11:23Z