How to get the Spotify Refresh Token

In this blog, I'll show you 2 approaches to generate the Spotify Refresh Token and then use that to programmatically create an access token when needed.

I needed the Spotify Refresh Token for my blog site in which I could display the currently playing track in the footer section.

First Approach


Step 1: Generate your Spotify client_id and client_secret

  • Go to Spotify developers dashboard.

  • Then select or create your app.

  • Note down your Client ID and Client Secret in a convenient location to use in Step 3.

Step 2: Add Redirect URIs to your Spotify app

  • Open settings for your app.

  • Add http://localhost:3000 to your Redirect URIs as shown in the image.

  • Click on Save.

Spotify Settings

Step 3: Get your Spotify refresh Token

We need to generate a refresh token which will further be used to generate access tokens whenever someone visits the webpage.

  • Create the following link, substituting your client ID, the scope and your redirect URI.

  • Scopes restrict access to information: only the information the user chooses to share will be shared. To use the currently playing endpoint, set the scope variable to user-read-currently-playing.

  https://accounts.spotify.com/authorize?response_type=code&client_id=$CLIENT_ID&scope=$SCOPE&redirect_uri=$REDIRECT_URI
  • Click on Authorize. You’ll then be redirected to the redirect URI. In the URL, make note of the value of the code parameter. We’ll use it to generate a refresh token.
  http://localhost:3000/?code=<your_code>
  • In order to generate a refresh token, we need a base64 encoded string containing the client ID and secret from earlier in the following format ‘clientid:clientsecret’. You can generate the string online here — https://www.base64encode.org/

  • Once you have the encoded string, run the following curl command. You can run it here — https://reqbin.com/curl

curl -H "Authorization: Basic <your base64 clientid:clientsecret>" \
  -d grant_type=authorization_code -d "code=<your_code>" -d redirect_uri=http%3A%2F%2Flocalhost:3000 https://accounts.spotify.com/api/token
  • The resulting JSON string will look something like this. Note down the refresh_token. This token will last for a very long time and can be used to generate a fresh access_token whenever it is needed.
  {
    "access_token": "ACCESS_TOKEN",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "REFRESH_TOKEN",
    "scope": "playlist-modify-private"
  }
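
The same Step 3 exchange done entirely on your own machine, as an added example that is not code from the original post: the Basic credential is base64-encoded locally, and the secret, code and tokens reach curl on stdin rather than on the command line or through a third-party site. The function names and the SPOTIFY_* environment variables are assumptions, and the refresh call goes one step past the text to show how the saved refresh token is used later.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# SPOTIFY_* environment variables are assumptions made for illustration.

TOKEN_URL="https://accounts.spotify.com/api/token"

# base64("client_id:client_secret"), computed locally. printf is used
# because echo would append a newline that ends up inside the encoding;
# tr removes the line wrapping some base64 builds add to long output.
basic_credential() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# POST form fields ("name=value" arguments) to the token endpoint.
# Header and fields are written as a curl config on stdin (-K -), so the
# secret, code and tokens never appear in curl's argument list.
# Assumes values contain no double quotes or backslashes.
token_request() {
  cred=$(basic_credential "$SPOTIFY_CLIENT_ID" "$SPOTIFY_CLIENT_SECRET")
  {
    printf 'header = "Authorization: Basic %s"\n' "$cred"
    for field in "$@"; do printf 'data-urlencode = "%s"\n' "$field"; done
  } | curl -sS -K - "$TOKEN_URL"
}

# Step 3 exchange: authorization code -> access and refresh tokens.
exchange_code() {  # $1 = code, $2 = redirect URI registered in Step 2
  token_request "grant_type=authorization_code" "code=$1" "redirect_uri=$2"
}

# Later use: saved refresh token -> fresh access token.
refresh_access_token() {  # $1 = refresh token
  token_request "grant_type=refresh_token" "refresh_token=$1"
}

# Pull one string field out of the JSON response read from stdin.
json_field() {  # $1 = field name
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Runs only when SPOTIFY_CODE, SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET
# are exported in the environment; otherwise the file just defines functions.
if [ -n "${SPOTIFY_CODE:-}" ]; then
  exchange_code "$SPOTIFY_CODE" "http://localhost:3000" | json_field refresh_token
fi
```

The redirect URI passed to exchange_code must be the same one used in the authorize link.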