Redirect URL

I am creating a new application and I would like to know what kind of redirect URL they are looking for 

My Question or Issue

I want to know how to create the redirect URL

1 Reply

Hi @Zaura 

Thank you for asking in the Spotify Community, and Welcome!

 

I understand you want to know what a redirect URI is. Here is an explanation:

 

A redirect URI is the URL Spotify uses to send users back to your app after they approve or deny access. It's a required part of the Authorization Code Flow and must be registered in your Spotify Developer Dashboard.

Redirect URI Requirements:

  • Must use HTTPS, unless you're using a loopback address like http://127.0.0.1:PORT or http://[::1]:PORT. localhost is not allowed.

  • The redirect URI must exactly match what you registered, including case, slashes, and port numbers.

  • Custom URI schemes are supported, but HTTPS is recommended. For mobile apps, use Android App Links or iOS Universal Links.

  • Starting April 9, 2025, these stricter rules apply to all new apps. Existing apps must comply by November 2025. You can read more information about this change on this page.

Examples:

How It Works in Authorization Code Flow:

  1. Your app directs the user to Spotify's /authorize endpoint, including your registered redirect_uri.

  2. After the user accepts or denies, Spotify redirects them back to that URI with:

    • a code (if successful), or

    • an error parameter (if denied or failed).

    • You should also validate the state parameter to protect against CSRF attacks.

  3. Your app then sends a POST request to /api/token with the code and the same redirect_uri to get an access token.

If your app can't securely store a client secret (e.g., mobile or SPA), use the Authorization Code with PKCE Flow for added security.

 

I hope this helps. Feel free to ask for more help.

Ximzend, Spotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.
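
The flow described in the reply above, as an added example that is not part of the original post and is not Spotify's code: it checks a redirect URI against the listed rules, builds the /authorize URL with a `state` value, and validates the callback before preparing the /api/token form fields. The `accounts.spotify.com` host, the placeholder client ID, the redirect URI and the callback URL are assumptions or constructed sample values; no request is sent and client authentication for the token call is left out.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://accounts.spotify.com/authorize"
CLIENT_ID = "YOUR_CLIENT_ID"                     # placeholder
REDIRECT_URI = "http://127.0.0.1:8888/callback"  # constructed; must equal the registered value


def redirect_uri_allowed(uri):
    """Apply the scheme/host rules from the answer to a candidate redirect URI."""
    parts = urlsplit(uri)
    if parts.scheme == "http":
        # Plain HTTP only for loopback IP literals; "localhost" is rejected.
        return parts.hostname in ("127.0.0.1", "::1")
    return bool(parts.scheme)  # https and custom schemes pass this check


def build_authorize_url(state):
    """Step 1: URL the user is sent to, carrying redirect_uri and state."""
    query = urlencode({"client_id": CLIENT_ID, "response_type": "code",
                       "redirect_uri": REDIRECT_URI, "state": state})
    return AUTHORIZE_URL + "?" + query


def handle_callback(callback_url, expected_state):
    """Steps 2-3: validate the redirect, return the form fields for /api/token."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Check state first, in constant time, before trusting code or error.
    if not expected_state or not hmac.compare_digest(
            returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if "code" not in params:
        raise ValueError("callback carried neither code nor error")
    return {"grant_type": "authorization_code",
            "code": params["code"][0],
            "redirect_uri": REDIRECT_URI}  # same string as in step 1


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # store in the user's session
    print(build_authorize_url(state))
    # Constructed callback, as the browser would request it after approval.
    print(handle_callback(REDIRECT_URI + "?code=SAMPLE_CODE&state=" + state, state))
```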
