Request Parameters for the Authorization Endpoints

Query parameter

Category

Type

Description

client_id

Required

String

This is the client ID associated with our Spotify App.

response_type

Required

String

Its value is set to code.

redirect_uri

Required

String

This is the URI that we entered in the Redirect_URI list in our Spotify app settings.

state

Optional

String

This can be used to make the requests more secure.

scope

Optional

String

This defines the user-related information that we want access to. If it is not defined, we'll only be able to access the public information of the user and will not be able to make any changes to the user's resources. A complete list of these scopes is available under the next heading.

show_dialog

Optional

String

This decides whether or not the user has to approve the app every time we request a code related to the user. The possible options for this parameter are TRUE and FALSE.

Grants permissions for

Scope

Description

Images

ugc-image-upload

It grants permission to upload images using the user's Spotify account.

user-modify-playback-state

It grants permission to control the Spotify player on the devices connected to the user's account.

user-read-playback-state

It allows us to read the currently playing content on user devices. It also permits us to get information about the devices connected to the user's account.

user-read-currently-playing

It allows us to read the currently playing content on user devices.

user-follow-modify

It allows us to follow or unfollow artists and other Spotify users.

user-follow-read

It allows us to see the follow list of the user.

user-read-recently-played

It allows us to check what the user was listening to recently.

user-read-playback-position

It lets us read the current position of content playing on user devices.

user-top-read

It grants us permission to see user's top artists and tracks.

playlist-read-collaborative

We can use this scope to access user's collaborative playlists.

playlist-modify-public

It gives us permission to modify user's public playlists.

playlist-read-private

It gives us permission to see user's private playlists.

playlist-modify-private

It permits us to modify user's private playlists.

app-remote-control

It permits us to control Spotify user accounts using another app.

streaming

It allows us to play content on other devices.

user-read-email

It allows us to read user's email address.

user-read-private

It grants us access to user's subscription information.

user-library-modify

It allows us modifying access to user's "Your Music" library.

user-library-read

It allows us reading access to user's "Your Music" library.

Query parameter

Type

Description

grant_type

String

This determines which kind of authorization we're requesting. Its value will be authorization_code in this case.

code

String

This is the code returned by the server after user verification.

redirect_uri

String

This parameter is used with this endpoint just for URL validation.

refresh_token

String

This is the token returned by the server when we requested for the access token.

Query parameter

For authorization code access token using the refresh token

For authorization code access token using the user code

For client credentials access token

grant_type

required

required

required

code

not required

required

not required

redirect_uri

not required

required

not required

refresh token

required

not required

not required

Header parameter

Category

Type

Description

Authorization

Required

String

This parameter contains 64 base encoded client ID and client secret. Its format is Basic encoded(client id:client secret).

Content-Type

Required

String

This describes that the data being sent is form data. Its value is application/x-www-form-urlencoded.