Request Parameters for the Authorization Endpoints
Get information about the request parameters for the endpoints used for authorization.
We'll cover the following
Let's look at the request parameters for the Authorize and Token endpoints.
For the Authorize endpoint
The query parameters for this endpoint are given in the table below.
Query parameter | Category | Type | Description |
| Required | String | This is the client ID associated with our Spotify App. |
| Required | String | Its value is set to |
| Required | String | This is the URI that we entered in the Redirect_URI list in our Spotify app settings. |
| Optional | String | This can be used to make the requests more secure. |
| Optional | String | This defines the user-related information that we want access to. If it is not defined, we'll only be able to access the public information of the user and will not be able to make any changes to the user's resources. A complete list of these scopes is available under the next heading. |
| Optional | String | This decides whether or not the user has to approve the app every time we request a code related to the user. The possible options for this parameter are |
We do not need a header while calling this endpoint.
List of scopes
The table below contains information about all the available scopes using which we can get different kinds of permissions from the user.
Grants permissions for | Scope | Description |
Images |
| It grants permission to upload images using the user's Spotify account. |
Spotify connect |
| It grants permission to control the Spotify player on the devices connected to the user's account. |
| It allows us to read the currently playing content on user devices. It also permits us to get information about the devices connected to the user's account. | |
| It allows us to read the currently playing content on user devices. | |
Follow |
| It allows us to follow or unfollow artists and other Spotify users. |
| It allows us to see the follow list of the user. | |
Listening history |
| It allows us to check what the user was listening to recently. |
| It lets us read the current position of content playing on user devices. | |
| It grants us permission to see the user's top artists and tracks. | |
Playlist |
| We can use this scope to access user's collaborative playlists. |
| It gives us permission to modify the user's public playlists. | |
| It gives us permission to see the user's private playlists. | |
| It permits us to modify the user's private playlists. | |
Playback |
| It permits us to control Spotify user accounts using another app. |
| It allows us to play content on other devices. | |
Users |
| It allows us to read the user's email address. |
| It grants us access to the user's subscription information. | |
Library |
| It allows us to modify access to the user's "Your Music" library. |
| It allows us read access to the user's "Your Music" library. |
For the Token endpoint
This endpoint can be used to obtain a new authorization code access token using a user code or a refresh token and to get the client credential access token. The table below contains its query parameters.
Query parameter | Type | Description |
| String | This determines which kind of authorization we're requesting. Its value will be |
| String | This is the code returned by the server after user verification. |
| String | This parameter is used with this endpoint just for URL validation. |
| String | This is the token returned by the server when we requested the access token. |
The use of query parameters depends on the type of request we make. The table below explains which query parameters are required for which type of request.
Query parameter | For authorization code access token using the refresh token | For authorization code access token using the user code | For client credentials access token |
| required | required | required |
| not required | required | not required |
| not required | required | not required |
| required | not required | not required |
Header parameters of the endpoint are discussed in the table below.
Header parameter | Category | Type | Description |
| Required | String | This parameter contains 64 base encoded client ID and client secret. Its format is |
| Required | String | This describes that the data being sent is form data. Its value is |