Request Parameters for the Authorization Endpoints

Get information about the request parameters for the endpoints used for authorization.

Let's look at the request parameters for the Authorize and Token endpoints.

For the Authorize endpoint

The query parameters for this endpoint are given in the table below.

| Query parameter | Category | Type | Description |
|---|---|---|---|
| client_id | Required | String | This is the client ID associated with our Spotify App. |
| response_type | Required | String | Its value is set to code. |
| redirect_uri | Required | String | This is the URI that we entered in the Redirect_URI list in our Spotify app settings. |
| state | Optional | String | This can be used to make the requests more secure. |
| scope | Optional | String | This defines the user-related information that we want access to. If it is not defined, we'll only be able to access the public information of the user and will not be able to make any changes to the user's resources. A complete list of these scopes is available under the next heading. |
| show_dialog | Optional | String | This decides whether or not the user has to approve the app every time we request a code related to the user. The possible options for this parameter are TRUE and FALSE. |

We do not need a header while calling this endpoint.

List of scopes

The table below lists all the available scopes, which we can use to get different kinds of permissions from the user.

| Grants permissions for | Scope | Description |
|---|---|---|
| Images | ugc-image-upload | It grants permission to upload images using the user's Spotify account. |
| Spotify connect | user-modify-playback-state | It grants permission to control the Spotify player on the devices connected to the user's account. |
| Spotify connect | user-read-playback-state | It allows us to read the currently playing content on user devices. It also permits us to get information about the devices connected to the user's account. |
| Spotify connect | user-read-currently-playing | It allows us to read the currently playing content on user devices. |
| Follow | user-follow-modify | It allows us to follow or unfollow artists and other Spotify users. |
| Follow | user-follow-read | It allows us to see the follow list of the user. |
| Listening history | user-read-recently-played | It allows us to check what the user was listening to recently. |
| Listening history | user-read-playback-position | It lets us read the current position of content playing on user devices. |
| Listening history | user-top-read | It grants us permission to see the user's top artists and tracks. |
| Playlist | playlist-read-collaborative | We can use this scope to access the user's collaborative playlists. |
| Playlist | playlist-modify-public | It gives us permission to modify the user's public playlists. |
| Playlist | playlist-read-private | It gives us permission to see the user's private playlists. |
| Playlist | playlist-modify-private | It permits us to modify the user's private playlists. |
| Playback | app-remote-control | It permits us to control Spotify user accounts using another app. |
| Playback | streaming | It allows us to play content on other devices. |
| Users | user-read-email | It allows us to read the user's email address. |
| Users | user-read-private | It grants us access to the user's subscription information. |
| Library | user-library-modify | It allows us modify access to the user's "Your Music" library. |
| Library | user-library-read | It allows us read access to the user's "Your Music" library. |

For the Token endpoint

This endpoint can be used to obtain a new authorization code access token using a user code or a refresh token and to get the client credential access token. The table below contains its query parameters.

| Query parameter | Type | Description |
|---|---|---|
| grant_type | String | This determines which kind of authorization we're requesting. Its value will be authorization_code in this case. |
| code | String | This is the code returned by the server after user verification. |
| redirect_uri | String | This parameter is used with this endpoint just for URL validation. |
| refresh_token | String | This is the token returned by the server when we requested the access token. |

The use of query parameters depends on the type of request we make. The table below explains which query parameters are required for which type of request.

| Query parameter | For authorization code access token using the refresh token | For authorization code access token using the user code | For client credentials access token |
|---|---|---|---|
| grant_type | required | required | required |
| code | not required | required | not required |
| redirect_uri | not required | required | not required |
| refresh_token | required | not required | not required |

Header parameters of the endpoint are discussed in the table below.

| Header parameter | Category | Type | Description |
|---|---|---|---|
| Authorization | Required | String | This parameter contains the Base64-encoded client ID and client secret. Its format is Basic followed by the Base64 encoding of client id:client secret. |
| Content-Type | Required | String | This indicates that the data being sent is form data. Its value is application/x-www-form-urlencoded. |
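
The parameters above, put together as an added example (not part of the original page): it builds the Authorize URL with a random state, accepts the callback only when the same state comes back, and prepares the headers and form body for exchanging the code at the Token endpoint. The accounts.spotify.com URL, the function names and all sample values are assumptions that do not come from this page.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Spotify Accounts service authorize URL (assumption: not given on this page).
AUTHORIZE_URL = "https://accounts.spotify.com/authorize"


def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state). Keep state server-side, tied to the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": " ".join(scopes),  # request only the scopes the app needs
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def code_from_callback(callback_url, expected_state):
    """Return the code only if the callback echoes the state we issued."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    # Constant-time comparison; a missing or different state means the
    # redirect does not belong to our own request, so the code is discarded.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: rejecting callback")
    if "error" in query or "code" not in query:
        raise ValueError("authorization was not granted")
    return query["code"][0]


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Return (headers, form_body) for the authorization_code grant."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + creds,
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # same value that was sent to Authorize
    })
    return headers, body
```

The client secret only ever appears in the Authorization header of the Token request, so this exchange belongs on the server side and the header should be kept out of logs.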