Spotify request web api remove unauthorized calls
After the removal of unauthorized calls to the Web API, I have a problem getting the token. I found on developer.spotify that I need to use the authorization code flow. The biggest problem:
It provides an access token that can be updated. Since the token exchange involves the transfer of your private key, this must happen in a secure location like a backend service and not from a client such as a browser or mobile app.
Are there any other ways to use the Web API, like "get track" or "search an item", without the authorization code flow?
Yes, you need to read about the client credential flow.
The method allows you to authenticate your Spotify Web API requests and get a higher limit than you would get without authentication.
You need to use your client_id and client_secret, which you get after registering your application at developer.spotify.
The request will include a grant_type parameter in the request body with the value "client_credentials", and the header must contain Authorization.
Required. Base64-encoded string containing the client ID and client secret. The field must have the following format: Authorization: Basic <base64 encoded client_id:client_secret>
All this information can be found in the Web API Authorization Guide.
An example of how to get a token:

    - (void)spotifyToken {
        // Form-encoded body that selects the client credentials grant
        NSString *body = @"grant_type=client_credentials";
        NSData *postData = [body dataUsingEncoding:NSASCIIStringEncoding allowLossyConversion:YES];

        // Authorization: Basic base64(client_id:client_secret)
        // clientId and clientSecret are the values from your registered application
        NSString *prepareHeader = [NSString stringWithFormat:@"%@:%@", clientId, clientSecret];
        NSData *data = [prepareHeader dataUsingEncoding:NSUTF8StringEncoding];
        NSString *base64encoded = [data base64EncodedStringWithOptions:0];
        NSString *header = [NSString stringWithFormat:@"Basic %@", base64encoded];

        NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
        [request setURL:[NSURL URLWithString:@"https://accounts.spotify.com/api/token"]];
        [request setHTTPBody:postData];
        [request setHTTPMethod:@"POST"];
        [request setValue:@"application/x-www-form-urlencoded" forHTTPHeaderField:@"Content-Type"];
        [request setValue:header forHTTPHeaderField:@"Authorization"];

        NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
        [[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
            if (!error && data) {
                // The response JSON carries access_token and token_type
                NSDictionary *tokenData = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil];
                dispatch_async(dispatch_get_main_queue(), ^{
                    // save tokenData somewhere for later use
                });
            }
        }] resume];
    }

Then you make pretty much the same query to find the item. But instead of this POST, you send a GET with a token in the header. It looks like this:

    // tokenData is the parsed JSON from the token request above
    NSString *token = [tokenData objectForKey:@"access_token"];
    NSString *tokenType = [tokenData objectForKey:@"token_type"];
    NSString *header = [NSString stringWithFormat:@"%@ %@", tokenType, token];

    NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
    // trackId must hold the URL-encoded query string (the search endpoint takes q and type parameters)
    NSURL *url = [NSURL URLWithString:[NSString stringWithFormat:@"https://api.spotify.com/v1/search?%@", trackId]];
    [request setValue:header forHTTPHeaderField:@"Authorization"];
    [request setURL:url];

    NSURLSession *session = [NSURLSession sessionWithConfiguration:[NSURLSessionConfiguration defaultSessionConfiguration]];
    [[session dataTaskWithRequest:request completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) {
        if (!error && data) {
            NSDictionary *json = [NSJSONSerialization JSONObjectWithData:data options:0 error:nil];
            // JSON with song is here
        }
    }] resume];

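
An added example, not part of the original answer: the same client credentials exchange done on a backend in Python, so the client_secret stays off the device as the Spotify guidance quoted in the question requires, with token caching and a URL-encoded search query. TokenBroker, http_post and the 30-second refresh margin are assumptions of this example; expires_in is the lifetime field returned in the token response.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.spotify.com/api/token"
SEARCH_URL = "https://api.spotify.com/v1/search"


def build_token_request(client_id, client_secret):
    """Return (url, headers, body) for the client credentials grant."""
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair).decode("ascii"),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return TOKEN_URL, headers, b"grant_type=client_credentials"


def http_post(url, headers, body):
    """Default transport (hypothetical helper): POST over HTTPS, decode JSON."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenBroker:
    """Server-side cache: the secret stays here, callers only get the token."""

    def __init__(self, client_id, client_secret, post=http_post, clock=time.time):
        self._creds = (client_id, client_secret)
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Refresh 30 s early (assumed margin) so a token never expires mid-request.
        if self._token is None or self._clock() >= self._expires_at - 30:
            reply = self._post(*build_token_request(*self._creds))
            self._token = f"{reply['token_type']} {reply['access_token']}"
            self._expires_at = self._clock() + int(reply["expires_in"])
        return self._token

    def search_request(self, query, item_type="track"):
        """Return (url, headers) for GET /v1/search with an encoded query."""
        qs = urllib.parse.urlencode({"q": query, "type": item_type})
        return f"{SEARCH_URL}?{qs}", {"Authorization": self.token()}
```
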