On 11 September 2018, we made updates to our iOS and Android SDKs. These new SDKs work for both Spotify Free and Spotify Premium users, offer built-in offline support, and more.
Read more about the updates on our blog.Want to access the 2014 iOS streaming SDK? It is available on GitHub
by clicking here.
Access tokens issued from the Spotify account service has a lifetime of one hour. If a longer session is desired Spotify account service supports the OAuth Code grant flow. The iOS-SDK provides helper functionality to simplify the use of the Code grant flow.
By setting tokenSwapURL and tokenRefreshURL it is possible for the iOS-SDK to request a new access token with a refresh token whenever needed. The iOS-SDK demo project has a ruby example of the needed back-end services. The example is not recommended to use in production.
This page contains a description of the requests done by the iOS-SDK and the expected responses.
tokenSwapURL
Swaps a code for an access token and a refresh token.
Header |
Value |
Content-Type |
application/x-www-form-urlencoded |
Request Body
Parameter |
description |
code |
The code returned from Spotify account service to be used in the token request. |
Request Example
curl -X POST "https://example.com/v1/swap” -H "Content-Type: application/x-www-form-urlencoded" --data “code=AQDy8...xMhKNA”
Header |
Value |
Content-Type |
application/json |
Expected Response Body Parameters
Parameters must be JSON encoded.
Parameter |
description |
access_token |
Access token received from Spotify account service. |
expires_in |
The time period (in seconds) for which the access token is valid. Returned from the Spotify account service. |
refresh_token |
The refresh token returned from the Spotify account service. It should not return the actual refresh token but a reference to the token or an encrypted version of the token. Encryption solution is shown in the ruby example. |
Response Example
{
"access_token" : "NgAagA...Um_SHo",
"expires_in" : "3600",
"refresh_token" : "NgCXRK...MzYjw"
}
tokenRefreshURL
Uses the refresh token to get a new access token.
Header |
Value |
Content-Type |
application/x-www-form-urlencoded |
Request Body
Parameter |
description |
refresh_token |
The refresh_token value previously returned from the token swap endpoint. |
Request Example
curl -X POST "https://example.com/v1/refresh" -H "Content-Type: application/x-www-form-urlencoded" --data "refresh_token=NgCXRK...MzYjw"
Header |
Value |
Content-Type |
application/json |
Expected Response Body Parameters
Parameter |
description |
access_token |
Access token received from Spotify account service. |
expires_in |
The time period (in seconds) for which the access token is valid. Returned from the Spotify account service. |
Response Example
{
"access_token" : "NgAagA...Um_SHo",
"expires_in" : "3600"
}