Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Does Client Credential flow allow access to user tracks & playlists?

Does Client Credential flow allow access to user tracks & playlists?

Premium

United States

Python 3.8

MacOS

 

My Question or Issue:

 

Trying to pull my current tracks and playlists via Web API. Running locally using Python 3.8 requests but this will eventually become an AWS Lambda function.

 

Tried to use the Authorization Code flow but that seemed to require a real-user login via redirect URI (from how I experienced & understood it). Because I don't want to have to manually login or validate the login process, I'm trying Client Credentials flow.

 

I've included my TextGetToken.txt file which successfully gets me an access token using the Client ID & Secret gotten from my spotify developer app. So I have an access token.

 

I also included my TextPrintTracks.txt file which tries to use this access token to get a list of my saved tracks, but I get a 401 error when I make this GET request to the /me/tracks endpoint.

 

Please let me know if I can use the Client Credentials flow for this, and if so, anything you notice wrong with my requests. Thank you!

Reply
4 Replies

Hi @thegriffff, welcome to the community 🙂 

 

In order to call the /v1/me/tracks endpoint you'll need an access token obtained through one of the other flows - like the authorization code flow. You're right that this means authenticating on the web at least once. Your app can use the refresh token to obtain a new access token when the access token you have expires.

So when you say authenticating on the web at least once, is that like a first-time thing and then never again as long as the refresh token flow works? Ideally I'm looking to have this authentication performed programmatically without human intervention/need to click a button in a browser. Is that possible?

> is that like a first-time thing and then never again as long as the refresh token flow works? 

 

That's right. The user may have to authenticate on the web again if, for example, the user uninstalls the app from their account.

 

> I'm looking to have this authentication performed programmatically without human intervention/need to click a button in a browser. Is that possible?

 

The user will need to tap a button (on the OAuth grant screen) at least once in order for your app to obtain the first refresh token and access token. Then, an app can operate in the background and refresh its access token without a user interface.

Got it, thank you!

Suggested posts