https://community.spotify.com/t5/Spotify-for-Developers/Redirect-URL/m-p/7057128#M18467 <P>Hi <a href="https://community.spotify.com/t5/user/viewprofilepage/user-id/26908795">@Zaura</a>&nbsp;</P> <P>Thank you for asking in the Spotify Community, and Welcome!</P> <P>&nbsp;</P> <P>I understand you want to know what a redirect URI is. Here is an explanation:</P> <P>&nbsp;</P> <P data-start="96" data-end="320">A <A href="https://developer.spotify.com/documentation/web-api/concepts/redirect_uri" target="_blank" rel="noopener"><STRONG data-start="98" data-end="114">redirect URI</STRONG></A> is the URL Spotify uses to send users back to your app after they approve or deny access. It's a required part of the <A href="https://developer.spotify.com/documentation/web-api/tutorials/code-flow" target="_blank" rel="noopener"><STRONG data-start="233" data-end="260">Authorization Code Flow</STRONG></A> and must be registered in your Spotify Developer Dashboard.</P> <H3 data-start="322" data-end="352">Redirect URI Requirements:</H3> <UL data-start="353" data-end="864"> <LI data-start="353" data-end="498"> <P data-start="355" data-end="498"><STRONG data-start="355" data-end="373">Must use HTTPS</STRONG>, unless you're using a loopback address like <CODE data-start="419" data-end="442"><A href="http://127.0.0.1:PORT" target="_blank" rel="noopener">http://127.0.0.1:PORT</A></CODE> or <CODE data-start="446" data-end="465">http://[::1]:PORT</CODE>. <STRONG data-start="467" data-end="497"><CODE data-start="469" data-end="480">localhost</CODE> is not allowed</STRONG>.</P> </LI> <LI data-start="499" data-end="605"> <P data-start="501" data-end="605">The redirect URI must <STRONG data-start="523" data-end="540">exactly match</STRONG> what you registered — including case, slashes, and port numbers.</P> </LI> <LI data-start="606" data-end="742"> <P data-start="608" data-end="742"><STRONG data-start="608" data-end="630">Custom URI schemes</STRONG> are supported, but HTTPS is recommended. For mobile apps, use <STRONG data-start="693" data-end="714">Android App Links</STRONG> or <STRONG data-start="718" data-end="741">iOS Universal Links</STRONG>.</P> </LI> <LI data-start="743" data-end="864"> <P data-start="745" data-end="864">Starting <STRONG data-start="754" data-end="771">April 9, 2025</STRONG>, these stricter rules apply to all new apps. Existing apps must comply by <STRONG data-start="846" data-end="863">November 2025</STRONG>. You can read more information about this change on <A href="https://developer.spotify.com/blog/2025-02-12-increasing-the-security-requirements-for-integrating-with-spotify" target="_blank" rel="noopener">this page</A>.</P> </LI> </UL> <P data-start="866" data-end="881"><STRONG data-start="866" data-end="878">Examples</STRONG>:</P> <UL data-start="882" data-end="951"> <LI data-start="882" data-end="916"> <P data-start="884" data-end="916"><CODE data-start="884" data-end="914"><A href="https://example.com/callback" target="_blank" rel="noopener">https://example.com/callback</A></CODE></P> </LI> <LI data-start="917" data-end="951"> <P data-start="919" data-end="951"><CODE data-start="919" data-end="951"><A href="http://127.0.0.1:8000/callback" target="_blank" rel="noopener">http://127.0.0.1:8000/callback</A></CODE></P> </LI> </UL> <H3 data-start="953" data-end="997">How It Works in <A href="https://developer.spotify.com/documentation/web-api/tutorials/code-flow" target="_blank" rel="noopener">Authorization Code Flow</A>:</H3> <OL data-start="998" data-end="1481"> <LI data-start="998" data-end="1104"> <P data-start="1001" data-end="1104">Your app directs the user to Spotify’s <CODE data-start="1040" data-end="1052">/authorize</CODE> endpoint, including your registered <CODE data-start="1089" data-end="1103">redirect_uri</CODE>.</P> </LI> <LI data-start="1105" data-end="1355"> <P data-start="1108" data-end="1187">After the user accepts or denies, Spotify redirects them back to that URI with:</P> <UL data-start="1191" data-end="1355"> <LI data-start="1191" data-end="1221"> <P data-start="1193" data-end="1221">a <CODE data-start="1195" data-end="1201">code</CODE> (if successful), or</P> </LI> <LI data-start="1225" data-end="1270"> <P data-start="1227" data-end="1270">an <CODE data-start="1230" data-end="1237">error</CODE> parameter (if denied or failed).</P> </LI> <LI data-start="1274" data-end="1355"> <P data-start="1276" data-end="1355">You should also validate the <CODE data-start="1305" data-end="1312">state</CODE> parameter to protect against CSRF attacks.</P> </LI> </UL> </LI> <LI data-start="1356" data-end="1481"> <P data-start="1359" data-end="1481">Your app then sends a POST request to <CODE data-start="1397" data-end="1409">/api/token</CODE> with the <CODE data-start="1419" data-end="1425">code</CODE> and the <STRONG data-start="1434" data-end="1457">same <CODE data-start="1441" data-end="1455">redirect_uri</CODE></STRONG> to get an access token.</P> </LI> </OL> <P data-start="1483" data-end="1620" data-is-last-node="" data-is-only-node="">If your app can't securely store a client secret (e.g., mobile or SPA), use the <A href="https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow" target="_blank" rel="noopener"><STRONG data-start="1563" data-end="1600">Authorization Code with PKCE Flow</STRONG></A> for added security.</P> <P data-start="1483" data-end="1620" data-is-last-node="" data-is-only-node="">&nbsp;</P> <P data-start="1483" data-end="1620" data-is-last-node="" data-is-only-node="">I hope this helps. Feel free to ask more help.</P> Sat, 19 Jul 2025 07:23:50 GMT Ximzend 2025-07-19T07:23:50Z https://community.spotify.com/t5/Spotify-for-Developers/Redirect-URL/m-p/7056490#M18464 <P>I am creating a new application and I would like to know what kind of redirect URL they are looking for&nbsp;</P><P><STRONG>My Question or Issue</STRONG></P><P>I want to know about the how to create the redirect URL</P> Fri, 18 Jul 2025 17:02:40 GMT https://community.spotify.com/t5/Spotify-for-Developers/Redirect-URL/m-p/7056490#M18464 Zaura 2025-07-18T17:02:40Z https://community.spotify.com/t5/Spotify-for-Developers/Redirect-URL/m-p/7057128#M18467 <P>Hi <a href="https://community.spotify.com/t5/user/viewprofilepage/user-id/26908795">@Zaura</a>&nbsp;</P> <P>Thank you for asking in the Spotify Community, and Welcome!</P> <P>&nbsp;</P> <P>I understand you want to know what a redirect URI is. Here is an explanation:</P> <P>&nbsp;</P> <P data-start="96" data-end="320">A <A href="https://developer.spotify.com/documentation/web-api/concepts/redirect_uri" target="_blank" rel="noopener"><STRONG data-start="98" data-end="114">redirect URI</STRONG></A> is the URL Spotify uses to send users back to your app after they approve or deny access. It's a required part of the <A href="https://developer.spotify.com/documentation/web-api/tutorials/code-flow" target="_blank" rel="noopener"><STRONG data-start="233" data-end="260">Authorization Code Flow</STRONG></A> and must be registered in your Spotify Developer Dashboard.</P> <H3 data-start="322" data-end="352">Redirect URI Requirements:</H3> <UL data-start="353" data-end="864"> <LI data-start="353" data-end="498"> <P data-start="355" data-end="498"><STRONG data-start="355" data-end="373">Must use HTTPS</STRONG>, unless you're using a loopback address like <CODE data-start="419" data-end="442"><A href="http://127.0.0.1:PORT" target="_blank" rel="noopener">http://127.0.0.1:PORT</A></CODE> or <CODE data-start="446" data-end="465">http://[::1]:PORT</CODE>. <STRONG data-start="467" data-end="497"><CODE data-start="469" data-end="480">localhost</CODE> is not allowed</STRONG>.</P> </LI> <LI data-start="499" data-end="605"> <P data-start="501" data-end="605">The redirect URI must <STRONG data-start="523" data-end="540">exactly match</STRONG> what you registered — including case, slashes, and port numbers.</P> </LI> <LI data-start="606" data-end="742"> <P data-start="608" data-end="742"><STRONG data-start="608" data-end="630">Custom URI schemes</STRONG> are supported, but HTTPS is recommended. For mobile apps, use <STRONG data-start="693" data-end="714">Android App Links</STRONG> or <STRONG data-start="718" data-end="741">iOS Universal Links</STRONG>.</P> </LI> <LI data-start="743" data-end="864"> <P data-start="745" data-end="864">Starting <STRONG data-start="754" data-end="771">April 9, 2025</STRONG>, these stricter rules apply to all new apps. Existing apps must comply by <STRONG data-start="846" data-end="863">November 2025</STRONG>. You can read more information about this change on <A href="https://developer.spotify.com/blog/2025-02-12-increasing-the-security-requirements-for-integrating-with-spotify" target="_blank" rel="noopener">this page</A>.</P> </LI> </UL> <P data-start="866" data-end="881"><STRONG data-start="866" data-end="878">Examples</STRONG>:</P> <UL data-start="882" data-end="951"> <LI data-start="882" data-end="916"> <P data-start="884" data-end="916"><CODE data-start="884" data-end="914"><A href="https://example.com/callback" target="_blank" rel="noopener">https://example.com/callback</A></CODE></P> </LI> <LI data-start="917" data-end="951"> <P data-start="919" data-end="951"><CODE data-start="919" data-end="951"><A href="http://127.0.0.1:8000/callback" target="_blank" rel="noopener">http://127.0.0.1:8000/callback</A></CODE></P> </LI> </UL> <H3 data-start="953" data-end="997">How It Works in <A href="https://developer.spotify.com/documentation/web-api/tutorials/code-flow" target="_blank" rel="noopener">Authorization Code Flow</A>:</H3> <OL data-start="998" data-end="1481"> <LI data-start="998" data-end="1104"> <P data-start="1001" data-end="1104">Your app directs the user to Spotify’s <CODE data-start="1040" data-end="1052">/authorize</CODE> endpoint, including your registered <CODE data-start="1089" data-end="1103">redirect_uri</CODE>.</P> </LI> <LI data-start="1105" data-end="1355"> <P data-start="1108" data-end="1187">After the user accepts or denies, Spotify redirects them back to that URI with:</P> <UL data-start="1191" data-end="1355"> <LI data-start="1191" data-end="1221"> <P data-start="1193" data-end="1221">a <CODE data-start="1195" data-end="1201">code</CODE> (if successful), or</P> </LI> <LI data-start="1225" data-end="1270"> <P data-start="1227" data-end="1270">an <CODE data-start="1230" data-end="1237">error</CODE> parameter (if denied or failed).</P> </LI> <LI data-start="1274" data-end="1355"> <P data-start="1276" data-end="1355">You should also validate the <CODE data-start="1305" data-end="1312">state</CODE> parameter to protect against CSRF attacks.</P> </LI> </UL> </LI> <LI data-start="1356" data-end="1481"> <P data-start="1359" data-end="1481">Your app then sends a POST request to <CODE data-start="1397" data-end="1409">/api/token</CODE> with the <CODE data-start="1419" data-end="1425">code</CODE> and the <STRONG data-start="1434" data-end="1457">same <CODE data-start="1441" data-end="1455">redirect_uri</CODE></STRONG> to get an access token.</P> </LI> </OL> <P data-start="1483" data-end="1620" data-is-last-node="" data-is-only-node="">If your app can't securely store a client secret (e.g., mobile or SPA), use the <A href="https://developer.spotify.com/documentation/web-api/tutorials/code-pkce-flow" target="_blank" rel="noopener"><STRONG data-start="1563" data-end="1600">Authorization Code with PKCE Flow</STRONG></A> for added security.</P> <P data-start="1483" data-end="1620" data-is-last-node="" data-is-only-node="">&nbsp;</P> <P data-start="1483" data-end="1620" data-is-last-node="" data-is-only-node="">I hope this helps. Feel free to ask more help.</P> Sat, 19 Jul 2025 07:23:50 GMT https://community.spotify.com/t5/Spotify-for-Developers/Redirect-URL/m-p/7057128#M18467 Ximzend 2025-07-19T07:23:50Z