Some API endpoints randomly return error 403

Since 2021-06-28 14:10 UTC I've started to receive random HTTP 403 errors for the following endpoints:

  • /v1/me
  • /v1/me/player/currently-playing
  • /v1/artists
  • /v1/tracks

The last two deal with public data, so technically they should never return error 403 in the first place.

Usually retrying the request makes the error go away, but sometimes it takes up to four or more attempts.

Here's a typical response that I get:

    "body": {},
    "headers": {
      "cache-control": "private, max-age=0",
      "access-control-allow-origin": "*",
      "access-control-allow-headers": "Accept, App-Platform, Authorization, Content-Type, Origin, Retry-After, Spotify-App-Version, X-Cloud-Trace-Context, client-token, content-access-token",
      "access-control-allow-methods": "GET, POST, OPTIONS, PUT, DELETE, PATCH",
      "access-control-allow-credentials": "true",
      "access-control-max-age": "604800",
      "content-encoding": "gzip",
      "strict-transport-security": "max-age=31536000",
      "x-content-type-options": "nosniff",
      "date": "Tue, 29 Jun 2021 07:25:36 GMT",
      "server": "envoy",
      "via": "HTTP/2 edgeproxy, 1.1 google",
      "alt-svc": "clear",
      "connection": "close",
      "transfer-encoding": "chunked"
    },
    "statusCode": 403,

I'm getting similar errors and it looks like it's completely random. I tried creating a new app to try it out, but I end up getting the same after one week or so.

I think we have been partially shadowbanned or something, as by changing the API ID / Secrets to the production ones / another app, I no longer receive random "Forbidden" with a 403 status while fetching /albums or /artists.

We fixed a bug on Monday that would cause some apps to experience 403s but this should have been resolved already. If you are still seeing 403 errors with no error message please send a private message with your client id and the specific API you are calling along with a timestamp of the error, thanks.

 

PS: There's no such thing as shadow banned. Your client id is either in development mode, extended quota mode or blocked/disabled 🙂 

The same random error 403 with Album's Tracks. For one minute and equal requests, status: 200, 403, 200, 200, 403 and so on. 

We have just rolled out a fix that should address any issues concerning the 403s. Please report back here if the issue still persists.

I am getting 403 errors for requests to /playlists/{playlist_id}/tracks. This broke sometime yesterday as far as I can tell, as my app has been working fine for some time now. The error message is below. The token I request has "playlist-modify-public" scope, and I have confirmed that my playlist is public. 

 

{
  "error" : {
    "status" : 403,
    "message" : "Insufficient client scope"
  }
}

Ah, I've figured it out. This is probably a separate bug, but here's what caused the problem. My app is pointed to a specific playlist.

  1. My app works
  2. Delete playlist in the desktop app
  3. Undo this deletion, restoring the playlist in the desktop app
  4. My app is now broken, all requests to modify this restored playlist return 403 errors.

If I point my app at a different playlist, it works fine.

 

So it seems like something in the undo process to un-delete a playlist is not restoring everything.

I'm experiencing a similar issue. 2 of 3 of my test accounts hit 403s every time for the /v1/me route. 

My scopes are 'user-read-email', 'user-top-read', 'user-read-private'. My app is in development mode.

The /v1/me/top/{type} endpoint works fine without issues.

I've only just noticed this post now. I am encountering a similar issue, although none of the endpoints are working for me. More details in my post:

 

https://community.spotify.com/t5/Spotify-for-Developers/Android-SDK-Access-token-with-correct-scopes...  

Hey @koury, welcome to the forum.  When you get a 403 response from Web API is there a message in the HTTP response body?

Hi @spotifyjosh - I was logged into the wrong account there when I posted that message.

No. There was no message in the body at all. I think this came from not having users in my app's Users and Access inside Dashboard. After adding the other 2 accounts the routes simply started working. It's sort of weird because it seems like it's not required for all routes, but definitely required for /v1/me.

Is it possible to check if the /v1/me route throws a "User not registered in the Developer Dashboard"? It seems like it should have been in that case, but wasn't. Since 1-2 minutes after adding the 2 other test accounts everything worked. 

If this is the case, then that is a bit unfortunate. It seems cause you need to pre-identify beta users now if your app is Development mode. It also means if you want to just use the API for social authentication, you now have to submit an application for review.

Hello,

I am seeing the same error. In my case, I am hitting the Create Playlist endpoint. I know it's not a scope issue because I have enabled all playlist scopes (playlist-read-private playlist-modify-private playlist-modify-public playlist-read-collaborative). I've also tried getting a new access_token and refresh_token multiple times, to no avail. Any ideas?

 


Hi, could you please tell me which public APIs I can access when my client ID is in Development mode?

Hi Ohej,

Still getting a 403 error when trying to fetch top artists. URL: https://api.spotify.com/v1/me/top/artists?time_range=medium_term... Can you please provide a solution to fix this error?

 

response : _data:{ size:46, offset:0,blobid:"some id",type: null,name:artists}

I managed to fix it by setting the user-top-read scope as the last in the order:

 

  'https://accounts.spotify.com/authorize?show_dialog=true&scope=user-read-email&scope=user-library-read&scope=user-follow-read&scope=user-top-read',
      token: 'https://accounts.spotify.com/api/token',

I am trying to save an album to my User account. I have created an app that can successfully interact with the playlists and tracks etc. But when I try to save an album to my user I get a 403 error.

 

In the app I have added the user account to have access to the App.

When I do the Postman request I am using the client secret of the App, so not really sure how to specify what user account to point to (that is probably the issue?).

 

My curl command is:

 

curl --location --request PUT 'https://api.spotify.com/v1/me/albums' \
--header 'Authorization: Bearer foobar' \
--header 'Content-Type: application/json' \
--data-raw '{ "ids": ["2dQlX72ZvhsMRSRSNxhTgL"]}'
 
Can someone assist me with this?

Hi @mattileblanc

Do I understand it correctly that you place your `client secret` in the place of `foobar`?

Your app needs to follow the Authorization Code Flow and request an `access token` with the Authorization Scope `user-library-modify` for what you want to work.

Ximzend, Spotify Star
Help others find this answer and click "Accept as Solution".
If you appreciate my answer, maybe give me a Like.
Note: I'm not a Spotify employee.
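
Added example (not code from any poster or from Spotify), relating to the authorize URL with repeated `scope=` parameters posted above and to the Authorization Code Flow answer: OAuth 2.0 carries scopes as one space-delimited `scope` parameter, so this code builds the authorize URL that way, flags a URL that repeats a parameter, and checks the `scope` field of a token response against what a call needs. `CLIENT_ID`, the redirect URI and the function names are placeholders; the endpoint-to-scope pairs are the ones named in this thread.

```javascript
// Added example, not code from the thread. Function names are hypothetical;
// the endpoint-to-scope pairs below are the ones mentioned in the posts.
const AUTHORIZE_URL = 'https://accounts.spotify.com/authorize';

const REQUIRED_SCOPES = {
  'PUT /v1/me/albums': ['user-library-modify'],
  'GET /v1/me/top/artists': ['user-top-read'],
  'GET /v1/me/player/recently-played': ['user-read-recently-played'],
};

// RFC 6749 section 3.3: scope is ONE parameter holding a space-delimited list.
function buildAuthorizeUrl(clientId, redirectUri, scopes, state) {
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: [...new Set(scopes)].join(' '), // de-duplicate, then join with spaces
    state,
  }).toString();
  return url.toString();
}

// RFC 6749 section 3.1 forbids sending a request parameter more than once.
// Returns the names of parameters that appear repeatedly in an authorize URL.
function findRepeatedParams(authorizeUrl) {
  const counts = new Map();
  for (const [name] of new URL(authorizeUrl).searchParams) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// The token endpoint's JSON response lists the granted scopes in `scope`.
// Returns the scopes a call needs that the token was not granted.
function missingScopes(tokenResponse, call) {
  const required = REQUIRED_SCOPES[call];
  if (!required) throw new Error(`no scope mapping for ${call}`);
  const granted = new Set((tokenResponse.scope || '').split(/\s+/).filter(Boolean));
  return required.filter((s) => !granted.has(s));
}
```

A non-empty result from `missingScopes` before the call is made points to the "Insufficient client scope" 403 rather than the empty-body 403 discussed earlier in the thread.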

Hi, I am getting 403 "insufficient client scope" on the https://api.spotify.com/v1/me/player/recently-played endpoint while providing the "user-read-recently-played" scope, plus on some other endpoints like top artists and others, while I am getting the private playlists without any issues.

Same goes for me, I am trying to create a new playlist and I keep getting the 403 error: Insufficient client scope when having provided playlist-modify-public & playlist-modify-private scopes.
