We've spent a few days debugging an issue with the /playlists/ endpoint, as we couldn't find the common variable. We finally found the issue, and it's less of a technical bug and more of an API inconsistency / missing documentation.
What we were trying to do...
We built a function that updated multiple aspects of a playlist (name + description, thumbnail, removed tracks) but this function failed inconsistently. We broke the function down and found that while we could *always* add / remove tracks from any playlist we submitted, when updating name + description we'd sometimes get 403.
All playlists were owned by the same user, and the access token that we were using was confirmed as being valid as we could always generate a new playlist with the token, and make all those edits mentioned above to the new playlist with that token.
What we found...
We narrowed the issue to when we were trying to run the function on older playlists in our database. We split the function out into each individual request and made those requests across a representative sample of playlists (old to new, all owned by the same user and using the same access token). We found the PUT /playlists/ endpoint was the one causing issues and inconsistently returning 403 errors.
We finally found that while you can add/remove tracks from any playlist owned by the given user, you *cannot* update name/description of a playlist unless you are currently following that playlist - even if you're the owner of it. In order to update the name + description, we first had to re-follow the playlist, make the update, then unfollow again.
Expected behaviour...
We would have expected that *all* playlist endpoints + methods returned the same 403 Unauthorised response when attempting to make edits (e.g. Add/Remove Tracks, Update Name + Title) as this would have made it clear you could not perform any type of editing to a playlist.
In addition, the Spotify API documentation only makes reference to needing to be the owner of a playlist to make these actions; it doesn't make any reference to needing to follow the playlist you're trying to update the name/description of.
Perhaps there's some business reason for the logic in the API, although I can't really see what that would be. In any event, I'd appreciate it if the documentation could be updated to make this expected behaviour more clear, or the API modified to permit all edit actions to a playlist, whether the owner is following it or not.
Thanks!
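The follow, update, unfollow workaround described in the post, as an added example that is not part of the original post. It assumes the Spotify Web API's follow/unfollow (`/v1/playlists/{id}/followers`) and change-details (`/v1/playlists/{id}`) routes; `send`, `update_details`, `FakeSpotify` and the playlist ids are hypothetical names, and the fake server is constructed to model only the behaviour the post reports.

```python
from typing import Callable, Optional, Tuple

# send(method, path, json_body) -> HTTP status. Hypothetical transport hook so the
# example runs offline; in real use it would wrap an authenticated HTTP client.
Send = Callable[[str, str, Optional[dict]], int]

def update_details(send: Send, playlist_id: str, name: str,
                   description: str) -> Tuple[int, bool]:
    """Update name/description; on 403 follow, retry, then unfollow again.
    Returns (final_status, followed_temporarily)."""
    path = f"/v1/playlists/{playlist_id}"
    body = {"name": name, "description": description}
    status = send("PUT", path, body)
    if status != 403:
        return status, False          # already following, or an unrelated error
    # 403 on an owned playlist: per the post, the owner is not following it.
    # public=False keeps the temporary follow off the public profile.
    if send("PUT", f"{path}/followers", {"public": False}) >= 400:
        return status, False          # could not follow; report the original 403
    try:
        status = send("PUT", path, body)
    finally:
        # Restore the original not-following state even if the retry raised.
        send("DELETE", f"{path}/followers", None)
    return status, True

class FakeSpotify:
    """Constructed stand-in: detail edits return 403 unless the playlist is followed."""
    def __init__(self, following):
        self.following, self.details, self.calls = set(following), {}, []

    def send(self, method: str, path: str, body: Optional[dict]) -> int:
        self.calls.append((method, path))
        parts = path.strip("/").split("/")    # v1 / playlists / <id> [/ followers]
        pid = parts[2]
        if parts[-1] == "followers":
            (self.following.add if method == "PUT" else self.following.discard)(pid)
            return 200
        if pid not in self.following:
            return 403
        self.details[pid] = body
        return 200

if __name__ == "__main__":
    api = FakeSpotify(following={"new1"})     # constructed ids: one followed, one not
    for pid in ("new1", "old1"):
        print(pid, update_details(api.send, pid, "Road trip", "Updated"))
```

Logging the `followed_temporarily` flag per playlist gives a record of which playlists in the database are owned but not followed.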