Announcements

Cannot update my playlist through the API

Solved!

Cannot update my playlist through the API

Doing my own project and trying to automate the process of updating a playlist I own.
I've created an AWS Lambda that every week, at a certain time starts to run and retrieves the last added songs from one playlist and then updates the second playlist with these songs.

Since I don't have a user interface for the user to log in (It's my playlists) I used Client Credentials Flow

After retrieving the token, and reading the last tracks added to the playlist I tried to use the token to update the second Playlist which failed with 403 and a message 'This request requires user authentication.'.
I've tried to add the post call of 'https://accounts.spotify.com/api/token' the scope param of 'playlist-modify-private playlist-modify-public user-library-read' which didn't help 😞

My question is:
Is what I'm trying to achieve possible without the user logging in using a web/mobile interface?

Reply

Accepted Solutions
Marked as solution

The only way to get a code to request a token the server can read and modify playlists with, is to use a browser to login once.

After that, you can use refresh tokens to get new tokens, as it's described at the Authorization Code Flow page.

There's no way around it.

Note: I'm saying a browser. It doesn't need to be a browser on your server. The only thing the server needs to do, is handle the callback when you go with a browser to that modified URL I mentioned earlier and log in.

View solution in original post

5 Replies

This can't be done with the Client Credentials Flow.

If you want to use Authorization Scopes, you have to use the Authorization Code Flow.

Spotify will provide the login page when you follow this flow. You don't have to make one yourself.

I'm familiar with this flow but it assumes a web client with an interface in order to show a login page. I don't have a web application, only a server (AWS Lambda node.js function) that wants to interact with the Spotify API as a server-to-server. I'm the user who wants to manipulate his own playlists, not another user that will have to log in through a login page.

I'll try to ask it again, maybe more clearly:
Is there a Spotify API that could give me permission to add/delete from my own playlists that don't require a web client login page?

Sorry I didn't understand you directly, but you definitely need to implement the Authorization Code Flow.

 

To get the authorization code in step one you'll need for step two, you can just modify the below URL, and go to that URL with browser and log in:

 

https://accounts.spotify.com/authorize?client_id=ClientID&response_type=code&redirect_uri=http://mysite.com/callback/&state=secretCheckHash&scope=playlist-read-private playlist-read-collaborative playlist-modify-private playlist-modify-public

 

Note:

  • You have to add the callback uri to your application at your Dashboard for this to work.
  • With state (the secretCheckHash), you can check if the callback comes from you.

Do you have any plans to implement a server-to-server API that wouldn't require the authorization code flow that forces me to use a browser? Or there is already an existing one I'm not aware of?

Marked as solution

The only way to get a code to request a token the server can read and modify playlists with, is to use a browser to login once.

After that, you can use refresh tokens to get new tokens, as it's described at the Authorization Code Flow page.

There's no way around it.

Note: I'm saying a browser. It doesn't need to be a browser on your server. The only thing the server needs to do, is handle the callback when you go with a browser to that modified URL I mentioned earlier and log in.

Suggested posts