https://community.spotify.com/t5/Spotify-for-Developers/403-Forbidden-on-PUT-v1-me-tracks-and-v1-me-albums-despite-user/m-p/7381748#M21002 <P><STRONG>Plan</STRONG><BR />Premium</P><P>&nbsp;</P><P><STRONG>Country</STRONG><BR />Argentina</P><P>&nbsp;</P><P><STRONG>Device</STRONG><BR />PC</P><P><STRONG>Operating System</STRONG><BR />Windows 10</P><HR /><P><STRONG>My Question or Issue</STRONG></P><P>Hi everyone,</P><P>I'm using the Authorization Code with PKCE flow on an ASP.NET Core backend.</P><P>I'm trying to save tracks and albums to my own library using:</P><UL><LI>PUT /v1/me/tracks</LI><LI>PUT /v1/me/albums</LI></UL><P>Both endpoints consistently return:<BR />403 {"error": {"status": 403, "message": "Forbidden"}}</P><P>What I've verified:</P><UL><LI>The access token is valid (GET /v1/me returns 200 with my correct user data)</LI><LI>I have a Premium account</LI><LI>During the OAuth consent screen, Spotify explicitly shows permission to <STRONG>modify my library (albums/tracks)</STRONG> and I accepted it (user-library-modify)</LI><LI>The error is <STRONG>"Forbidden"</STRONG>, not <STRONG>"Insufficient client scope"</STRONG></LI><LI>Calling the endpoints directly (e.g., via PowerShell with the same token) gives the same 403</LI><LI>PKCE flow is correctly implemented (no client_secret used)</LI><LI>The app is in Development mode and my account is in the allowlist</LI><LI>One initial PUT request succeeded right after setup, but all subsequent write requests fail</LI></UL><P>Given that the scope seems correct but the operation is still blocked,<BR />is this a limitation of Development mode apps?</P><P>Do I need to request Extended Quota Mode to perform write operations (like saving tracks/albums), even for my own account?</P><P>Thanks.</P> Fri, 20 Mar 2026 22:38:38 GMT Necro-y2k 2026-03-20T22:38:38Z https://community.spotify.com/t5/Spotify-for-Developers/403-Forbidden-on-PUT-v1-me-tracks-and-v1-me-albums-despite-user/m-p/7381748#M21002 <P><STRONG>Plan</STRONG><BR />Premium</P><P>&nbsp;</P><P><STRONG>Country</STRONG><BR />Argentina</P><P>&nbsp;</P><P><STRONG>Device</STRONG><BR />PC</P><P><STRONG>Operating System</STRONG><BR />Windows 10</P><HR /><P><STRONG>My Question or Issue</STRONG></P><P>Hi everyone,</P><P>I'm using the Authorization Code with PKCE flow on an ASP.NET Core backend.</P><P>I'm trying to save tracks and albums to my own library using:</P><UL><LI>PUT /v1/me/tracks</LI><LI>PUT /v1/me/albums</LI></UL><P>Both endpoints consistently return:<BR />403 {"error": {"status": 403, "message": "Forbidden"}}</P><P>What I've verified:</P><UL><LI>The access token is valid (GET /v1/me returns 200 with my correct user data)</LI><LI>I have a Premium account</LI><LI>During the OAuth consent screen, Spotify explicitly shows permission to <STRONG>modify my library (albums/tracks)</STRONG> and I accepted it (user-library-modify)</LI><LI>The error is <STRONG>"Forbidden"</STRONG>, not <STRONG>"Insufficient client scope"</STRONG></LI><LI>Calling the endpoints directly (e.g., via PowerShell with the same token) gives the same 403</LI><LI>PKCE flow is correctly implemented (no client_secret used)</LI><LI>The app is in Development mode and my account is in the allowlist</LI><LI>One initial PUT request succeeded right after setup, but all subsequent write requests fail</LI></UL><P>Given that the scope seems correct but the operation is still blocked,<BR />is this a limitation of Development mode apps?</P><P>Do I need to request Extended Quota Mode to perform write operations (like saving tracks/albums), even for my own account?</P><P>Thanks.</P> Fri, 20 Mar 2026 22:38:38 GMT https://community.spotify.com/t5/Spotify-for-Developers/403-Forbidden-on-PUT-v1-me-tracks-and-v1-me-albums-despite-user/m-p/7381748#M21002 Necro-y2k 2026-03-20T22:38:38Z https://community.spotify.com/t5/Spotify-for-Developers/403-Forbidden-on-PUT-v1-me-tracks-and-v1-me-albums-despite-user/m-p/7381760#M21003 <P>Solved — deprecated endpoints returning 403</P><P>After a lot of digging, the issue had nothing to do with scopes, quota mode, or the PKCE flow. The endpoints<BR />themselves are deprecated and apparently return 403 silently instead of a proper deprecation error.</P><P>Root cause: PUT /v1/me/tracks and PUT /v1/me/albums are deprecated. Even with a valid token, correct scopes<BR />(user-library-modify), a Premium account, and the app allowlisted — both endpoints return 403 Forbidden with no useful<BR />message.</P><P>Fix: Migrate to the new unified endpoint:</P><P>PUT <A href="https://api.spotify.com/v1/me/library?uris=spotify%3Atrack%3A{id1},spotify%3Atrack%3A{id2" target="_blank">https://api.spotify.com/v1/me/library?uris=spotify%3Atrack%3A{id1},spotify%3Atrack%3A{id2</A>},...</P><P>Key differences from the old endpoints:<BR />- Single endpoint for both tracks and albums (use spotify:track: or spotify:album: URI prefix)<BR />- IDs go as uris query parameter in Spotify URI format, not in the request body<BR />- Max 40 items per request (old /me/tracks allowed 50)<BR />- Same user-library-modify scope still required</P><P>The docs at <A href="https://developer.spotify.com/documentation/web-api/reference/save-library-items" target="_blank">https://developer.spotify.com/documentation/web-api/reference/save-library-items</A> show this as the current<BR />endpoint. The old /me/tracks and /me/albums pages are marked deprecated but the 403 they return gives no indication<BR />that deprecation is the cause — it just looks like a permissions error.</P><P>Hope this saves someone else a few hours.</P> Fri, 20 Mar 2026 23:09:36 GMT https://community.spotify.com/t5/Spotify-for-Developers/403-Forbidden-on-PUT-v1-me-tracks-and-v1-me-albums-despite-user/m-p/7381760#M21003 Necro-y2k 2026-03-20T23:09:36Z