I think subscription services tend to accumulate abundant data (people use them a lot because usage is unlimited). In my case, I have been listening to so much music lately that I thought it would be interesting to use the Spotify API.
So this time, let's create an application using the Spotify API.
https://developer.spotify.com/dashboard/
You can register from here. If you already have an account, you can log in and use it immediately.
During registration you will be asked whether you intend to use it for commercial purposes, so answer correctly. After creating the application, you can enter the OAuth information from `EDIT SETTINGS`. There are various options, such as the Web and smartphones. Register the one that suits you.
As described later, the API is not strictly called from a web service this time, so any suitable URL will do here.
https://developer.spotify.com/documentation/general/guides/authorization-guide/
Details are described above.
This time we will register it as a web application, but in reality it will be executed from Google Cloud Functions, so a Refresh Token is required.
According to Spotify's specifications, the Access Token remains valid for 1 hour, and the Refresh Token remains valid until it is disabled in some way.
So this time, before writing the application, create a Refresh Token by hand; the code then converts it to an Access Token and calls the Spotify API.
First, generate the URL to get the code. I will omit the details, but the final URL will be as follows. Match client_id and redirect_uri to your environment.
Also, the Spotify API has very finely divided scopes. They are listed at the link below, and you need to specify the scopes you require. https://developer.spotify.com/documentation/general/guides/scopes/
```
https://accounts.spotify.com/authorize?client_id=${CLIENT_ID}&response_type=code&redirect_uri=${REDIRECT_URL}&scope=user-read-private%20user-read-email&state=34fFs29kd09
```
Once the URL is complete, paste it into a browser and press Enter; you will be sent back to the redirect_uri you set. It is not a problem if the page shows an error here. The URL in the address bar has changed, and only the code part of that URL is used in the next step.
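The URL step above, as an added example that is not code from the original post: it builds the authorization URL with a fresh random state for each request and pulls the code out of the URL the browser was redirected to, rejecting a mismatched state or an error response. The function names and all sample values are constructed for illustration.

```python
# Added example; all sample values are constructed and nothing contacts Spotify.
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://accounts.spotify.com/authorize"


def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state); state is a fresh random value for this request."""
    state = secrets.token_urlsafe(16)
    query = urlencode(
        {
            "client_id": client_id,
            "response_type": "code",
            "redirect_uri": redirect_uri,
            "scope": " ".join(scopes),  # space-separated, sent as %20
            "state": state,
        },
        quote_via=quote,
    )
    return AUTHORIZE_URL + "?" + query, state


def extract_code(redirected_url, expected_state, redirect_uri):
    """Return the code from the URL the browser landed on, or raise ValueError."""
    parts = urlsplit(redirected_url)
    # The landing URL must be the registered redirect_uri (query aside).
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != redirect_uri:
        raise ValueError("redirected to an unexpected location")
    params = parse_qs(parts.query)
    # The state must be the one generated for this request (constant-time compare).
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    if "code" not in params:
        raise ValueError("no code in redirect")
    return params["code"][0]


if __name__ == "__main__":
    redirect = "http://localhost/callback"  # must match the registered value
    url, state = build_authorize_url("constructed-client-id", redirect, ["user-read-private"])
    print(url)
    landed = redirect + "?code=constructed-code&state=" + state  # constructed
    print(extract_code(landed, state, redirect))
```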
Next, a POST request is needed, so I'll send it with curl. Specifically, fill in the code you just obtained, together with the client_id and client_secret for your environment, in the following command and run it. If there is no problem, the tokens are returned, so keep the Refresh Token.
```
curl --data "code=${CODE}" \
     --data "client_id=${CLIENT_ID}" \
     --data "client_secret=${CLIENT_SECRET}" \
     --data "redirect_uri=http://localhost/callback" \
     --data "grant_type=authorization_code" \
     https://accounts.spotify.com/api/token
```
From Refresh Token to Access Token
Converting a Refresh Token to an Access Token takes a single API call.
In that case, you have to include ʻAuthorization: Basic
For the time being, I will paste the Python code I made.
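```python
from dotenv import load_dotenv
import os
import requests
import base64
import json

# Read SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET and REFRESH_TOKEN from .env
load_dotenv(verbose=True)
client_id = os.environ.get("SPOTIFY_CLIENT_ID", default="")
client_secret = os.environ.get("SPOTIFY_CLIENT_SECRET", default="")

# HTTP Basic credentials: base64("client_id:client_secret")
token = base64.b64encode((client_id + ":" + client_secret).encode("utf-8")).decode(
    "utf-8"
)
headers = {"Authorization": "Basic " + token}
data = {
    "refresh_token": os.environ.get("REFRESH_TOKEN"),
    "grant_type": "refresh_token",
}
response = requests.post(
    "https://accounts.spotify.com/api/token", data=data, headers=headers
)  # noqa: E501
# Fail with the HTTP error instead of a KeyError when the request is rejected
response.raise_for_status()
# Prints the Access Token itself; in a hosted function this output ends up in logs
print(json.loads(response.text)["access_token"])
```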
To make an API call, simply send the Access Token you obtained as a Bearer token. Below is sample code for the ranking data generation that I am trying to create.
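```python
import requests

# access_token is the value returned by the refresh-token request above.
# This endpoint needs the user-top-read scope on the authorization URL.
header = {"Authorization": "Bearer " + access_token}
data = {
    "limit": 50,
    "time_range": "short_term",
}
response = requests.get(
    "https://api.spotify.com/v1/me/top/tracks", params=data, headers=header
)
```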
So now you can safely create an application using the Spotify API. Although it is hard to tell what is where with Spotify, the API specifications are written in detail. There are surprisingly many things that can be done, so my impression is that it makes a good sample to start from for API creation.
By the way, what I'm making now posts a ranking of what I listened to in the previous month to Twitter once a month. I haven't made the posting part yet, so I'll make it from now on.
The procedure for doing this by hand is the same for other OAuth APIs, so it can be applied widely. Please try making various applications by calling various APIs. However, if you publish one, the API limit will be exceeded immediately, so in that case build the authentication part properly so that it can be done through the UI.