Migrate away from Insecure Redirect URIs

Spotify is deprecating the use of insecure redirect URIs. This guide will help you migrate your application to use secure redirect URIs. To better understand which redirect URIs are considered secure, please refer to the Redirect URI guide.

Prerequisites

This guide assumes that:

You have read the authorization guide.
You have created an app following the app guide.
You have read the Redirect URI guide.
You have access to the console to update your app settings.

Migrate from Insecure Redirect URIs

In you app settings, you can see all the redirect URIs that are currently setup. Make sure to check all of them and update any non-loopback addresses that are using http:// to https:// if possible. If not possible remove them and add the new secure redirect URIs.

If there are any redirect URIs that are pointing to localhost, you need to update those to point to a loopback address. For example, if you have http://localhost:8888/callback you should update it to http://127.0.0.1:8888/callback. We do support dynamic ports for loopback interfaces, you can read more here .

If you see any redirect URIs that are not in use, make sure to remove them as well.