{"id":191,"date":"2019-03-22T23:49:54","date_gmt":"2019-03-22T15:49:54","guid":{"rendered":"https:\/\/gri.my\/blog\/?p=191"},"modified":"2019-03-22T23:49:54","modified_gmt":"2019-03-22T15:49:54","slug":"how-to-renew-spotify-api-access-token","status":"publish","type":"post","link":"https:\/\/gri.my\/blog\/how-to-renew-spotify-api-access-token\/","title":{"rendered":"How to renew Spotify API access token"},"content":{"rendered":"\n

There’s the official way of requesting an API token, and then there’s this method.<\/p>\n\n\n\n

There’s two endpoint in which you can access Spotify’s resources. There’s the typical HTML generating one (open.spotify.com) and a REST API (api.spotify.com).<\/p>\n\n\n\n

When you first visit the HTML endpoint, Spotify assigns you an access token in the form a cookie string, like so<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

This access token, can actually be used to access resources at the API endpoint, like so<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The scope of the token is limited, in my experience, to public content like public playlists, search, artists, browse and tracks endpoints. You cannot use the token to enumerate, say a user’s playlist. In order to do that, you need an authenticated token, which you need to login to get. But what if you’re like me, who doesn’t want to go through the trouble of setting up the whole stupid OAuth flow and just wants things to work, you can make use of the wp_sso_token from the HTML endpoint emitted when you first login.<\/p>\n\n\n\n

\"\"

<\/figcaption><\/figure>\n\n\n\n

Using this SSO token, one can use it to request for new privileged access tokens.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The SSO token, as can be seen is valid for a year. So when the access token expires after 3600 seconds, just use the SSO token to renew and you’re good to go. In my case, to renew the access token I also need to include a sp_dc token which is also emitted when you first login. The validity of the sp_dc token, thankfully, is also set to expire in a year and is interchangeable with other SSO token, meaning the two are not tied together.<\/p>\n\n\n\n

With this privileged access token, you can then use it to do things like, enumerate a user’s playlist, and then use that to grab the playlist’s contents. Great for scraper.<\/p>\n","protected":false},"excerpt":{"rendered":"

There’s the official way of requesting an API token, and then there’s this method. There’s two endpoint in which you can access Spotify’s resources. There’s the typical HTML generating one (open.spotify.com) and a REST API…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/comments?post=191"}],"version-history":[{"count":2,"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":198,"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/posts\/191\/revisions\/198"}],"wp:attachment":[{"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/media?parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/categories?post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gri.my\/blog\/wp-json\/wp\/v2\/tags?post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}