Help Wizard

Step 1


No Client Secret Needed?

No Client Secret Needed?

I am currently working on a web app using the spotify api. I am accessing the api via spotify-web-api-ts-sdk which can be found here

When creating an sdk object, we can use the function withUserAuthorization providing a cliendId, redirectUri scopes and optional config. I have noticed that this does NOT actually ask for a client secret. Which, knowing that the client id can, and IS, public as can be seen here:


My question is, what keeps non authorized people from connecting to my api app?

0 Replies

Suggested posts