API Authorization header doesn't follow HTTP spec

Help categories

Account & Payment

Using Spotify

Listen Everywhere

API Authorization header doesn't follow HTTP spec

Hi,

I've found that the Authorization header doesn't follow the HTTP spec (https://datatracker.ietf.org/doc/html/rfc7235#section-2.1). The spec says the scheme can be case insensitve, however Spotify's API expects it to be case-sensitive, that is, it forces it to be "Bearer" and "bearer" is not allowed.

Unfortunately, this break some HTTP client libraries.

This can be easily tried:

curl --request GET 'https://api.spotify.com/v1/tracks/SOME_ID' --header "Authorization: bearer TOKEN"

which returns

{\n \"error\": {\n \"status\": 400,\n \"message\": \"Only valid bearer authentication supported\"\n }\n}

However, passing "Bearer" instead using the same token works:

curl --request GET 'https://api.spotify.com/v1/tracks/SOME_ID' --header "Authorization: Bearer TOKEN"

It would be great if this issue could be fixed.

Thanks!

0 Replies

Photos

Upload Upload
URL URL
Saved Photos Saved Photos

Upload location

Upload location

Add Photos to Album:

New Album

Drag here to start uploading

Drag photos here or

Tap for upload options

You must install or upgrade to the latest version of Adobe Flash Player before you can upload images.

You must be signed in to add attachments

never-displayed

Additional options

Associated Products

Spotify Community

Help categories

Account & Payment

Using Spotify

Listen Everywhere

API Authorization header doesn't follow HTTP spec

API Authorization header doesn't follow HTTP spec

Photos

Suggested posts

Let's introduce ourselves!

Help Wizard

Step 1

Just quickly...

FAQs

Ongoing Issues

Help categories

Account & Payment

Using Spotify

Listen Everywhere

API Authorization header doesn't follow HTTP spec

API Authorization header doesn't follow HTTP spec

Photos

Suggested posts

Let's introduce ourselves!