Hi everyone! 

I’m currently building a music recommendation system for a final year university project. The goal is to suggest 5 songs based on a user's current emotion (e.g., "happy", "sad", "angry"), using Spotify’s /recommendations endpoint. This involves analyzing the user’s input, mapping it to audio features (valence, energy), and then retrieving appropriate tracks through the Spotify Web API. 

Problem I’m Facing 

No matter what I try, the /v1/recommendations endpoint consistently returns a

404 Not Found. 

Here’s what I’ve done so far: 

What I’ve Tried (Details): 

• Created a brand new Spotify account (free tier) 

• Registered a new app in the Developer Dashboard 

• Successfully generated an access token using the Client Credentials Flow 

• Used a well-formed GET request like: htpps://api.spotify.com/v1/recommendationsseed_genres=pop,rock,edm&limit= 5&market=US 
• Included the token in a Postman request under the Bearer Token auth tab 

Response: 
404 Not Found 
No error message body. Just a blank JSON {} 

Additional Info: 

• Genres like pop, rock, and edm are confirmed valid via /available-genre-seeds 

• Token is accepted — it’s not a 401 or 403 

• I’ve even tested this with multiple brand-new Spotify accounts and apps 

• The same issue happens when testing from Postman, Python (Spotipy), and even directly in browser Dev Tools 

What I Suspect 

Based on my research, it seems that /recommendations might not work with tokens generated via the Client Credentials Flow — and instead requires a user access token obtained via the Authorization Code Flow (which is not clearly stated in the main docs). 

If that’s the case: 

• Why is it returning 404 instead of a more helpful 403 or 401? 

• Can Spotify confirm whether /recommendations is restricted from client-credentials-based tokens? 

• Is there a recommended way to use /recommendations without involving full OAuth login for a lightweight mood-based app? 

I'd really appreciate clarification from the Spotify team or devs who have worked with this endpoint before. Is this expected behavior? Is there something subtle I’m missing in the request setup or scopes? Thanks so much in advance!