Christopher Ninman

Consider This Before Starting Your Spotify API Project

The Spotify API is home to an incredible wealth of information about artists, albums, and songs, as well as individual Spotify users. If you are a Spotify user, you obviously know how amazing it is to have access to almost any music ever released in one place. As a developer, it is exciting to know that all that information is available for you to use, too. But not in the snap of a finger. If you have not yet tried your hand at developing an app using the Spotify API, this article will attempt to tackle some of what you can expect, and hopefully help you decide if the effort is worth your time.

CONSIDERATION #1: You Need a Spotify Account

Head to the Spotify Developer Dashboard and log into your Spotify Account. Once logged in, you'll have the opportunity to "Create An App". You will find that you have a "Client ID", and a hidden "Client Secret". These will be used when making requests to the API. The process of registering your App to get started is remarkably simple.


If you are unfamiliar with OAuth, you may be in for a world of frustration here, though it is no doubt a good skill to add to your arsenal. Basically, what you need to do is create a multi-faceted custom link which contains your client ID, multiple scopes, and a redirect link. A user will click and be sent to this link, where they will log into Spotify and give your app permission to access the information you have declared in your scopes. Once they have logged in and granted permission, they will be sent to your redirect link, and the URL will now contain a "code" param which you'll need to use to get an access token.

NOTE: Make sure any redirect link is registered on your app's dashboard under the Edit Settings > Redirect_URIs section.
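The link and the redirect described above, as an added Ruby example that is not part of the original article. It also sends a random `state` value, which the article does not mention, and checks it on the way back so that only a redirect your app started is accepted; the client ID, callback path and scopes are constructed sample values.

```ruby
require "uri"
require "securerandom"

AUTHORIZE_ENDPOINT = "https://accounts.spotify.com/authorize"

# Returns [url, state]. Keep state in the user's session until the redirect.
def build_authorize_url(client_id:, redirect_uri:, scopes:)
  state = SecureRandom.hex(16) # unguessable value tying the callback to this user
  query = URI.encode_www_form(
    client_id: client_id,
    response_type: "code",
    redirect_uri: redirect_uri, # must match a URI registered on the dashboard
    scope: scopes.join(" "),
    state: state
  )
  ["#{AUTHORIZE_ENDPOINT}?#{query}", state]
end

# Returns the "code" param from the URL Spotify redirected the user to.
# Raises if the user denied access or the state is not the one we issued.
def extract_code(callback_url, expected_state)
  params = URI.decode_www_form(URI.parse(callback_url).query.to_s).to_h
  raise ArgumentError, "authorization failed: #{params['error']}" if params.key?("error")
  raise ArgumentError, "state mismatch" unless params["state"] == expected_state
  params.fetch("code")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; the client ID and callback path are placeholders.
  url, state = build_authorize_url(
    client_id: "constructed-client-id",
    redirect_uri: "http://localhost:3000/callback",
    scopes: %w[user-read-email playlist-read-private]
  )
  puts url
  puts extract_code("http://localhost:3000/callback?code=abc123&state=#{state}", state)
end
```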

CONSIDERATION #3: Using .env Variables

You obviously don't want to share your Client ID and especially your Client Secret with just anyone who's using your app. You'll need to keep them hidden in a .env variable, another new concept for coding beginners. And the setup of a .env variable will almost certainly differ between your development phase and your deployment.

CONSIDERATION #4: Development vs. Deployment

Just as your .env setup will differ, you'll also have to consider how your redirect links from Spotify will work. When developing, you'll be redirecting Spotify to "localhost:3000" or something similar, which will change once you have deployed your app and are sending it to the "" url. It seems simple in theory, but in my experience it caused more headaches than expected.

CONSIDERATION #5: Getting an Access Token

In order to make a request that returns data from the Spotify API, you'll need an access token. To get one, you'll need to exchange the "code" param that was returned earlier. This "code" will be used in a fetch request along with your Client ID and Client Secret (which you'll want in a .env variable). The Spotify documentation states that you will need to Base64 encode your Client ID and Client Secret and set the 'Content-Type' to 'application/x-www-form-urlencoded'.
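The token request described above, built in Ruby as an added example that is not from the original article or from Spotify. It shows one pitfall specific to Ruby: `Base64.encode64` wraps its output with newlines, so the header needs `strict_encode64`. The function names are hypothetical and the ID and secret in any call are constructed values.

```ruby
require "net/http"
require "uri"
require "base64"
require "json"

TOKEN_ENDPOINT = URI("https://accounts.spotify.com/api/token")

# Builds (does not send) the POST that trades the "code" param for tokens.
def build_token_request(code:, redirect_uri:, client_id:, client_secret:)
  # strict_encode64 emits one unbroken line. Base64.encode64 inserts a newline
  # after every 60 output characters, and an "id:secret" pair of two
  # 32-character values encodes to 88 characters, so it would be split.
  credentials = Base64.strict_encode64("#{client_id}:#{client_secret}")
  request = Net::HTTP::Post.new(TOKEN_ENDPOINT)
  request["Authorization"] = "Basic #{credentials}"
  # set_form_data URL-encodes the body and sets
  # Content-Type: application/x-www-form-urlencoded
  request.set_form_data(
    "grant_type" => "authorization_code",
    "code" => code,
    "redirect_uri" => redirect_uri # same value used in the authorization link
  )
  request
end

# Sends the request over TLS and returns the parsed JSON response.
def send_token_request(request)
  Net::HTTP.start(TOKEN_ENDPOINT.host, TOKEN_ENDPOINT.port, use_ssl: true) do |http|
    JSON.parse(http.request(request).body)
  end
end
```

In a real app, pass `ENV.fetch("SPOTIFY_CLIENT_ID")` and `ENV.fetch("SPOTIFY_CLIENT_SECRET")` (assumed variable names) so the values come from the environment and a missing one fails at startup.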

As a student at a programming bootcamp, my requirement was to use Rails as the backend of my project. I spent days of frustration trying to properly Base64 encode my IDs, only to finally succeed after finding a blog that I had previously dismissed because it did not have any Base64 encoding done and seemed to be outdated, as it doesn't seem to match up with the Spotify documentation. Which leads to:

CONSIDERATION #6: Using a Library

Depending on which programming language you're planning to use, someone may have already made the process easier for you. Spotify has actually compiled a list of libraries in their docs which can be a huge help. I recommend checking out any libraries specific to your planned language.

CONSIDERATION #7: Follow Along With a YouTube Video

There are many walkthroughs on YouTube for how to implement the Spotify Authorization Flow and create an app. There is a lot to explain, so be prepared to be flown through the essentials. And you may get lost if you stray from their flow, or are using a different setup.

CONSIDERATION #8: The Access Token is Only Valid for One Hour

You will rejoice once you finally receive an access token and can make your first API call. But be warned, that access token will only work for 1 hour, and will then expire.

When you receive your access token, you will also receive a refresh token. Whenever your user's access token is expired (or almost expired) you'll need to use the refresh token to make a request to the Spotify API to receive another access token. So you'll have to figure out a clever way to make sure that your user never ends up with an expired access token where their request for information returns a 401 error and they wonder why they ever decided to use your app.
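One way to keep a user from ever holding an expired token, as an added Ruby example that is not from the original article: store the expiry time next to the tokens and refresh shortly before it passes. `TokenStore`, the injected `refresher` and `clock` callables, and the 60-second margin are all hypothetical; `refresher` is where the POST with `grant_type=refresh_token` would go.

```ruby
# Holds one user's tokens and refreshes them shortly before they expire.
class TokenStore
  REFRESH_MARGIN = 60 # seconds of safety margin (assumed value)

  attr_reader :access_token, :refresh_token, :expires_at

  # token_response: parsed JSON hash from the token endpoint.
  # refresher: callable taking a refresh token, returning a new parsed hash.
  # clock: callable returning the current Time (injectable for testing).
  def initialize(token_response, refresher:, clock: -> { Time.now })
    @refresher = refresher
    @clock = clock
    store(token_response)
  end

  def expired?
    @clock.call >= @expires_at - REFRESH_MARGIN
  end

  # Call this before every API request instead of reading access_token.
  def fresh_access_token
    store(@refresher.call(@refresh_token)) if expired?
    @access_token
  end

  private

  def store(response)
    @access_token = response.fetch("access_token")
    # A refresh response may omit refresh_token; keep the existing one then.
    @refresh_token = response["refresh_token"] || @refresh_token
    @expires_at = @clock.call + response.fetch("expires_in")
  end
end
```

Persist `refresh_token` server-side with the same care as the Client Secret, since it can mint new access tokens for that user.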

CONSIDERATION #9: Development Mode

You finally have your app deployed and out there for the world to use. So why can't they use it?

Your app is automatically considered to be in the development phase by Spotify, which means:

  • Your application is limited to 25 users (Spotify accounts)
  • Each of those users must be added to the "Users and Access" section on the dashboard
  • A limited number of requests can be made to the API within any given 30 seconds

CONSIDERATION #10: Extended Quota Mode

In order for your app to be used by anyone (at least to make calls to Spotify API), you'll need to submit a "Quota Extension Request". "Submitting a quota extension request will trigger a review by Spotify to ensure your app complies with the Spotify Developer Policy."

This means that Spotify has the right to disable or block your app from being used by the general public if it isn't up to their standards. Additionally, any changes made to your app's OAuth scopes will require another Quota Extension Request, and you are currently limited to one such request.


Navigating the Spotify API will consume a great deal of your time, unless you are already a seasoned veteran. If you are planning a small project or just interested in toying around with the Spotify API, you may find yourself investing way more time and energy than it is worth.

However, if you are passionate about your music and really interested and dedicated to creating an app that allows people (and yourself) to experience music in a new way, you will be hard-pressed to find a more expansive and organized database to help you accomplish your vision. And you will be certain to learn many new coding concepts along the way.

Sounds appealing?
