Removing Unauthenticated calls to the Web API
Posted January 27th, 2017
On 29th May 2017 the
/users (and related) endpoints will start requiring an access token, bringing them in-line with all other Web API endpoints. A detailed overview of the changes [can be found here.](https://developer.spotify.com/migration-guide-for-unauthenticated-web-api-calls/)
Back in 2014 when we launched the current version of the Spotify Web APIs, we introduced new functionality and replaced two old web services:
As the old web services didn’t support OAuth, we wanted to ease the initial transition for users by allowing unauthenticated consumption of the equivalent endpoints in the new API. Now we’re in 2017, Spotify’s Web API has greatly expanded and a vast majority of endpoints already require authentication. By authenticating you also gain improved rate limits and get access to our automated insights dashboards, which provide statistics on your API consumption and users who authenticate with your application.
The affected endpoints will accept all forms of authentication, including client credentials. As before all endpoints can be tried out live before writing any code via our interactive API console.
We understand that this update may create some work for you, so we want to ensure you have plenty of time to make the necessary updates to any outstanding unauthenticated requests. We’ve also created a guide to the technical changes you may need to make.
Because the calls are unauthenticated we aren’t able to reach out to individuals. If you need help please do contact us via Twitter, GitHub or StackOverflow (tag Spotify).