Spotify web API from C# without scope
Question
I'm trying to access Spotify web API (following this documentation: https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow ). I just need to access public data, like album names and cover art. To access that, I don't need any user scope, so I think the best approach is "Authorization code" with no scope specified.
The onlye examples I've found use client credentials, and user scopes, so it's mandatoryfor the user to give access. But in this case, it shouldn't be.
I've managed to get a response from my get request, but it's an html page, so I need to use an http server and listen to httpServer.OnAuth. This causes a web browser to open, and the user to accept the access, but I think this wouldn't have to be necessary for public access.
So, my question is... Is there any way to get authorization to query the spotify web api for public data, without the user to perform any action? Maybe with web requests and responses? Or maybe even with a totally different approach to access these spotify public data... I'm confused, I think this should be possible!
Thanks for your time!
1 answers
solution1
2 ACCPTED 2017-06-18 18:10:45
I have just recently done the same thing myself, and like you I was also a bit confused with how to query the Spotify API without having a user to enter his/hers credentials. And what confused me, was the naming of the different authorization flows: authorization code, client credentials, and implicit grant. As soon as you realize that client in client credentials isn't a client as in a user, but a client as in the application you're developing, it get's much more clear.
The process is pretty well described here: https://developer.spotify.com/web-api/authorization-guide/#client-credentials-flow
But in short, these are the steps you need to go through:
- Create yourself an application at https://developer.spotify.com/my-applications/#!/applications (this is where you get the Client ID and Client Secret needed for later API calls)
- When accessing the API, you first need to send a POST request to https://accounts.spotify.com/api/token with a body parameter grant_type=client_credentials and a header parameter Authorization: Basic Base64(Client_Id:Client_Secret)
This returns an access_token which you'll use for further API calls (which will be valid for an hour) - Now you can query the API (eg search for a track using https://api.spotify.com/v1/search?query=[your_query]&type=track ), providing the access_token as a header parameter Authorization: Bearer [access_token]
You can continue to use the same access_token for multiple API calls, as long as it is still valid
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.