[WebApi][Oauth2] Get token link is broken

Status: Fixed

I'm currently trying to build an application for Spotify. I am using the Authorization Code flow, which will return a token and refresh token.


I receive the code from Spotify successfully, however when I make a post request to, I am receiving a 400 statusCode from Spotify with headers: 


{ server: 'nginx',
date: 'Wed, 15 Jun 2016 16:53:11 GMT',
'content-type': 'application/json',
'content-length': '69',
connection: 'close'}


And the content of the JSON body response is 

{ error: 'server_error',
error_description: 'Unexpected status: 400' }



Which leads me to believe that the server is currently not supporting this feature. If this could be fixed, that would be awesome!




Hi there and welcome to the community,


Thanks for reporting. Could you please create an issue on GitHub and explain your issue there?


These guys are happy to answer all your development-related questions.


Thank you, I was able to find a fix for my issue. Someone had already submitted an issue with my problem.

Status changed to: Fixed

Hey there!

Thanks @Jordi for coming up with the solution 🙂


We're closing this as fixed.

Status changed to: Fixed


Is the solution linked? 

Everything above seems to link back to the general bug list. 




I want to make it clear that this issue is not fixed. Someone else found a workaround -- but the default behavior is still broken.


To @baloo7gs, in your https header you need to set 

"Content-Type": "application/x-www-form-urlencoded"

You can see my implementation in node.js at


Header prop did it for me. Thanks!
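The header fix described in this thread, as an added example that is not part of the original posts or of any implementation linked from them: a Node.js helper that builds the form-encoded authorization-code token request and a log-safe copy of it. The token URL, the HTTP Basic client authentication (as in RFC 6749), the environment variable names and all sample values are assumptions or constructed.

```javascript
// Added example: builds (does not send) an authorization-code token request.
// tokenUrl, Basic client auth and all sample values are assumptions.
function buildTokenRequest({ tokenUrl, code, redirectUri, clientId, clientSecret }) {
  const required = { tokenUrl, code, redirectUri, clientId, clientSecret };
  for (const [name, value] of Object.entries(required)) {
    if (typeof value !== 'string' || value === '') throw new Error(`missing ${name}`);
  }
  // URLSearchParams percent-encodes each value, so a code or redirect URI
  // containing '&', '=', '+' or '/' cannot corrupt the form body.
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
  }).toString();
  // Client authentication via HTTP Basic: base64(client_id:client_secret).
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: tokenUrl,
    method: 'POST',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded',
      Authorization: `Basic ${basic}`,
    },
    body,
  };
}

// Log-safe copy: keep the Basic credential and the one-time code out of logs.
function redactForLog(request) {
  const params = new URLSearchParams(request.body);
  if (params.has('code')) params.set('code', '[redacted]');
  return {
    ...request,
    headers: { ...request.headers, Authorization: 'Basic [redacted]' },
    body: params.toString(),
  };
}

// Constructed sample values; a real client id and secret would be read from
// the environment (hypothetical variable names), not from source control.
const sample = buildTokenRequest({
  tokenUrl: 'https://auth.example.test/token',
  code: 'AQ/constructed+code=',
  redirectUri: 'http://localhost:8888/callback',
  clientId: process.env.CLIENT_ID || 'constructed-client-id',
  clientSecret: process.env.CLIENT_SECRET || 'constructed-client-secret',
});
console.log(redactForLog(sample));
```

The returned object can be handed to any HTTP client; passing the body as a JSON object instead of this encoded string is what produces a mismatch with the declared content type.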


Hey @JBarna.


I wouldn't recommend committing the access tokens to a public repository like GitHub. Especially not when sharing your code on a public space like a community. There are good guys here, but we can't guarantee there are no bad guys around. Thanks for sharing the solution here anyway.


Also, any issues regarding the developer API can be asked in the GitHub repository mentioned above.


For those who are seeking support for this specific issue. Please head to for official support. Any pull requests are welcome.


@Jordi I understand your concern. Usually these tokens are very sensitive pieces of information, however this code is not running in a server. It's part of a project that is installed locally onto a user's machine, which means that anyone could simply search hard enough to find the client secret. I made a similar application but for reddit, and they simply didn't give me a client secret in this case because it can't be kept secret. Spotify doesn't do that, so I have no choice but to include the client secret.