On 11 September 2018, we made updates to our iOS and Android SDKs. These new SDKs work for both Spotify Free and Spotify Premium users, offer built-in offline support, and more. Read more about the updates on our blog.
Want to access the 2014 iOS streaming SDK? It is available on GitHub by clicking here.

Access tokens issued from the Spotify account service has a lifetime of one hour. If a longer session is desired Spotify account service supports the OAuth Code grant flow. The iOS-SDK provides helper functionality to simplify the use of the Code grant flow.

By setting tokenSwapURL and tokenRefreshURL it is possible for the iOS-SDK to request a new access token with a refresh token whenever needed. The iOS-SDK demo project has a ruby example of the needed back-end services. The example is not recommended to use in production.

This page contains a description of the requests done by the iOS-SDK and the expected responses.

tokenSwapURL

Swaps a code for an access token and a refresh token.

Request Headers

Header Value
Content-Type application/x-www-form-urlencoded

Request Body

Parameter description
code The code returned from Spotify account service to be used in the token request.

Request Example

curl -X POST "https://example.com/v1/swap” -H "Content-Type: application/x-www-form-urlencoded" --data “code=AQDy8...xMhKNA”

Expected Response Headers

Header Value
Content-Type application/json

Expected Response Body Parameters

Parameters must be JSON encoded.

Parameter description
access_token Access token received from Spotify account service.
expires_in The time period (in seconds) for which the access token is valid. Returned from the Spotify account service.
refresh_token The refresh token returned from the Spotify account service. It should not return the actual refresh token but a reference to the token or an encrypted version of the token. Encryption solution is shown in the ruby example.

Response Example

{
 "access_token" : "NgAagA...Um_SHo",
 "expires_in" : "3600",
 "refresh_token" : "NgCXRK...MzYjw"
}

tokenRefreshURL

Uses the refresh token to get a new access token.

Request Headers

Header Value
Content-Type application/x-www-form-urlencoded

Request Body

Parameter description
refresh_token The refresh_token value previously returned from the token swap endpoint.

Request Example

curl -X POST "https://example.com/v1/refresh" -H "Content-Type: application/x-www-form-urlencoded" --data "refresh_token=NgCXRK...MzYjw"

Expected Response Headers

Header Value
Content-Type application/json

Expected Response Body Parameters

Parameter description
access_token Access token received from Spotify account service.
expires_in The time period (in seconds) for which the access token is valid. Returned from the Spotify account service.

Response Example

{
 "access_token" : "NgAagA...Um_SHo",
 "expires_in" : "3600"
}