Sign inDemoInstall

Package Overview
File Explorer

Install Socket

Protect your apps from supply chain attacks


Package spotify provides utilties for interfacing with Spotify's Web API.


Version published



[![Build status](](
[![Build Status](](

This is a Go wrapper for working with Spotify's
[Web API](

It aims to support every task listed in the Web API Endpoint Reference,
located [here](

By using this library you agree to Spotify's
[Developer Terms of Use](

## Installation

To install the library, simply

`go get`

## Authentication

Spotify uses OAuth2 for authentication and authorization.  
As of May 29, 2017 _all_ Web API endpoints require an access token.

You can authenticate using a client credentials flow, but this does not provide
any authorization to access a user's private data.  For most use cases, you'll
want to use the authorization code flow.  This package includes an `Authenticator`
type to handle the details for you.

Start by registering your application at the following page:

You'll get a __client ID__ and __secret key__ for your application.  An easy way to
provide this data to your application is to set the SPOTIFY_ID and SPOTIFY_SECRET
environment variables.  If you choose not to use environment variables, you can
provide this data manually.

// the redirect URL must be an exact match of a URL you've registered for your application
// scopes determine which permissions the user is prompted to authorize
auth := spotify.NewAuthenticator(redirectURL, spotify.ScopeUserReadPrivate)

// if you didn't store your ID and secret key in the specified environment variables,
// you can set them manually here
auth.SetAuthInfo(clientID, secretKey)

// get the user to this URL - how you do that is up to you
// you should specify a unique state string to identify the session
url := auth.AuthURL(state)

// the user will eventually be redirected back to your redirect URL
// typically you'll have a handler set up like the following:
func redirectHandler(w http.ResponseWriter, r *http.Request) {
      // use the same state string here that you used to generate the URL
      token, err := auth.Token(state, r)
      if err != nil {
            http.Error(w, "Couldn't get token", http.StatusNotFound)
      // create a client using the specified token
      client := auth.NewClient(token)

      // the client can now be used to make authenticated requests

You may find the following resources useful:

1. Spotify's Web API Authorization Guide:

2. Go's OAuth2 package:

## Helpful Hints

### Optional Parameters

Many of the functions in this package come in two forms - a simple version that
omits optional parameters and uses reasonable defaults, and a more sophisticated
version that accepts additional parameters.  The latter is suffixed with `Opt`
to indicate that it accepts some optional parameters.

### Automatic Retries

The API will throttle your requests if you are sending them too rapidly.
The client can be configured to wait and re-attempt the request.
To enable this, set the `AutoRetry` field on the `Client` struct to `true`.

For more information, see Spotify [rate-limits](

## API Examples

Examples of the API can be found in the [examples](examples) directory.

You may find tools such as [Spotify's Web API Console](
or [Rapid API](
valuable for experimenting with the API.


Last updated on 06 Apr 2020

Did you know?

Socket installs a GitHub app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc