Spotify Community

Hi,

I've found that the Authorization header doesn't follow the HTTP spec (https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). The spec says the scheme can be case insensitve, however Spotify's API expects it to be case-sensitive, that is, it forces it to be "Bearer" and "bearer" is not allowed.

Unfortunately, this break some HTTP client libraries.

This can be easily tried:

curl --request GET 'https://api.spotify.com/v1/tracks/SOME_ID' --header "Authorization: bearer TOKEN"

which returns

{\n \"error\": {\n \"status\": 400,\n \"message\": \"Only valid bearer authentication supported\"\n }\n}

However, passing "Bearer" instead using the same token works:

curl --request GET 'https://api.spotify.com/v1/tracks/SOME_ID' --header "Authorization: Bearer TOKEN"

It would be great if this issue could be fixed.

Thanks!