Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

403 on valid access token using the authorization code flow

403 on valid access token using the authorization code flow

Avatar of marinofranz
Casual Listener
2024-07-07 08:19 PM

Hello,

I'm having a bit of an issue with the Spotify Web API. I suspect the IP address of my production machine may have been put on some sort of ban list. I won't be giving out the IP address on the forum, but if it helps, I am using a machine from Hetzner.

 

Authenticating via the authorization code flow works just fine on my local machine during testing, but as soon as my application runs on my production machine, authenticating does not work at all. Please note that my Spotify application is in development mode, and has not been approved for a quota extension just yet.

 

Edit: Forgot to add this, but when I use an access token that was provided to my local machine, and when I try to use that same token on the production machine, it throws a 403 error.

 

Thanks in advance,

Marino

Labels:
0 Likes
Reply
4 Replies

Avatar of smacklol
Regular
2024-07-08 12:12 AM

It may not be that your prod. server is banned but your prod server itself must request an accessToken to make requests. You said that the local machine and prod server use the same token; I don't think it's part of the official OAuth standard, but Spotify might extend security of access tokens by associating them with an IP or something. Otherwise a malicious dev could request one access token, distribute it to a bunch of remote servers and attempt a DDoS on Spotify using that one access token. Otherwise, if you're getting 403, it's also possible the access token scopes don't cover the end point you're hitting, but if it works in your local environment that's less likely to be the case

0 Likes

Avatar of marinofranz
Casual Listener
2024-07-08 12:18 AM

I understand that they may use that as a precaution, but I have also tried obtaining an access token by starting the authentication flow on the production server, however, it returns a 403 after requesting a refresh token. I've made sure that my scopes are correct. Not only that, but I should not need a scope to request a new refresh / access token.

0 Likes

Avatar of LambertSpot
Spotify
Spotify
2024-07-08 10:23 AM

Have you setup your redirect URIs correctly for your production machine (not just localhost)?

0 Likes

Avatar of marinofranz
Casual Listener
2024-07-08 05:55 PM

Yes, I have set up the redirects correctly. There should not be anything to change in the routes directly when switching from development to production.

0 Likes

Suggested posts

Let's introduce ourselves!

Hey there you,   Yeah, you! 😁   Welcome - we're glad you joined the Spotify Community!   While you here, let's have a fun game and get…

Staff
ModeratorStaff / Moderator/ 3 years ago in Social & Random
Read more

Type a product name