Spotify Web API

Provides access to Spotify's music catalog and user account data, including playlist management, playback control, track/album/artist metadata, search, recommendations, and user listening history.

Evaluated Mar 06, 2026
Links: Homepage, Repo
Tags: spotify, music, playlist, streaming, audio, playback, oauth2
⚙ Agent Friendliness: 53 / 100 (Can an agent use this?)
🔒 Security: 87 / 100 (Is it safe for agents?)
⚡ Reliability: 76 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: not scored (no MCP server)
Documentation: 82
Error Messages: 72
Auth Simplicity: 70
Rate Limits: 55

🔒 Security

TLS Enforcement: 100
Auth Strength: 85
Scope Granularity: 88
Dep. Hygiene: 78
Secret Handling: 82

HTTPS is enforced on all endpoints. OAuth 2.0 scopes are granular per capability, so an agent can be granted only what it needs. The Authorization Code flow with PKCE is supported for public clients (mobile apps, SPAs, local agents), which removes the need to ship a client secret at all; where the plain Authorization Code or Client Credentials flow is used instead, the client secret must stay server-side and never be embedded in agent code, config shipped to users, or prompts. Webhooks are not supported, so there is no webhook signature verification to assess.

⚡ Reliability

Uptime/SLA: 75
Version Stability: 80
Breaking Changes: 75
Error Recovery: 72

Best When

An agent needs to interact with a user's Spotify account for playback control, playlist management, or music discovery within Spotify's ecosystem.

Avoid When

You need audio file access, offline playback without the Spotify client, or music from catalogs outside Spotify.

Use Cases

  • Building music discovery agents that create playlists based on mood or activity
  • Controlling Spotify playback from smart home or productivity agents
  • Analyzing user listening habits and generating personalized recommendations
  • Syncing playlist content across apps or building social music features
  • Fetching track metadata, audio features, and popularity data for music analytics

Not For

  • Downloading or redistributing audio content
  • Commercial music services that compete with Spotify
  • Accessing music from non-Spotify catalogs

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
No

Authentication

Methods: oauth2
OAuth: Yes Scopes: Yes

OAuth 2.0 with three grant types: Authorization Code (user-facing agents that can hold a client secret server-side), Authorization Code with PKCE (public clients such as mobile apps, SPAs, and local agents, which use a per-session code verifier instead of a secret), and Client Credentials (catalog access only; there is no user context, so user-scoped endpoints are unavailable). Scopes are granular per feature area (e.g., playlist-modify-public, user-read-playback-state) and are fixed at authorization time. Access tokens expire after 1 hour (3600 seconds, reported as expires_in in the token response); long-lived sessions obtain a new access token with the refresh token, and a refresh response may return a new refresh token that must replace the stored one.
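The PKCE variant is the one an agent running on a user's machine should use, since it needs no client secret. The following is an added example, not Spotify's own code or SDK: it builds the authorize URL and token-request bodies, checks the state parameter on the callback, and tracks expiry from expires_in so the refresh happens before the token dies. It makes no network calls; the HTTP step is left to the caller, and the client_id, redirect URI, and scopes in the test are placeholders.

```python
"""PKCE authorization-code helpers for Spotify's accounts service.

Added example, not Spotify's code. Builds request parameters and tracks
token expiry; the caller performs the actual HTTP exchange.
"""
import base64
import hashlib
import hmac
import secrets
import time
import urllib.parse

AUTHORIZE_URL = "https://accounts.spotify.com/authorize"
TOKEN_URL = "https://accounts.spotify.com/api/token"


def _b64url(raw: bytes) -> str:
    # RFC 7636 uses base64url without padding.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 64) -> str:
    # 64 random bytes -> 86 unreserved chars, inside RFC 7636's 43..128 range.
    return _b64url(secrets.token_bytes(nbytes))


def code_challenge_for(verifier: str) -> str:
    # S256 method: challenge = base64url(SHA-256(verifier)).
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(client_id, redirect_uri, scopes, verifier, state):
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),       # request only the scopes the agent needs
        "code_challenge_method": "S256",
        "code_challenge": code_challenge_for(verifier),
        "state": state,                  # CSRF binding, verified on the callback
    }
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(redirect_url, expected_state):
    """Extract the authorization code from the redirect; reject a bad state."""
    q = urllib.parse.parse_qs(urllib.parse.urlparse(redirect_url).query)
    if "error" in q:
        raise PermissionError(q["error"][0])
    if not hmac.compare_digest(q.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: possible CSRF or stale callback")
    return q["code"][0]


def token_request_body(client_id, redirect_uri, code, verifier):
    # No client_secret: the code_verifier proves possession of the session.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }


class TokenSet:
    """Holds a token response and decides when a refresh is due."""
    REFRESH_MARGIN = 60  # refresh this many seconds before expiry, not after it

    def __init__(self, response: dict, now=None):
        self.refresh_token = None
        self.update(response, now)

    def update(self, response, now=None):
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        self.scope = set(response.get("scope", "").split())
        # Use expires_in from the response rather than hard-coding 3600.
        self.expires_at = now + int(response["expires_in"])
        # A refresh response may carry a new refresh token; keep the latest one.
        if response.get("refresh_token"):
            self.refresh_token = response["refresh_token"]

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return now >= self.expires_at - self.REFRESH_MARGIN

    def has_scopes(self, *needed):
        # Missing scopes need a new authorization; a refresh never adds them.
        return set(needed) <= self.scope

    def refresh_request_body(self, client_id):
        return {"grant_type": "refresh_token",
                "refresh_token": self.refresh_token,
                "client_id": client_id}
```

The state check uses a constant-time compare and rejects the callback outright on mismatch; has_scopes is the test to run before a privileged call, because the only remedy for a missing scope is sending the user back through build_authorize_url.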

Pricing

Model: freemium
Free tier: Yes
Requires CC: No

The API itself is free. Apps in development mode are limited to 25 Spotify users until approved for extended access. Playback-control endpoints require the end user to have a Spotify Premium subscription.

Agent Metadata

Pagination: offset/limit on most list endpoints; cursor-based on a few (for example followed artists and recently played)
Idempotent: Partial
Retry Guidance: Not documented

Known Gotchas

  • Rate limits are undocumented and enforced dynamically; agents must handle 429 responses by honouring the Retry-After header (seconds) and bounding their retries
  • Access tokens expire after 3600 seconds (reported as expires_in); agents must refresh proactively before expiry rather than waiting for a 401
  • Playback-control endpoints return 403 with reason PREMIUM_REQUIRED when the user does not have Spotify Premium; treat this as a terminal error, not something to retry
  • Development-mode apps can only have 25 users total until app review approval, which blocks production agent deployments
  • An active device is required for playback; if no Spotify client is active, /me/player/play returns 404 with reason NO_ACTIVE_DEVICE
  • Scopes are fixed at authorization time; if an agent later needs a new scope the user must authorize again, since existing access and refresh tokens are not upgraded
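How an agent should handle these four failure modes in one request path, as an added example rather than Spotify's code or SDK: a call wrapper that refreshes proactively and once more on 401, honours Retry-After on 429 with a retry budget, and maps the player-specific 403 and 404 reasons to typed exceptions. The transport is injected so the block runs offline against a constructed fake; the reply bodies in demo() are constructed to match the shape of Spotify's player error object (error.status, error.message, error.reason) and are not captured traffic.

```python
"""Request wrapper for Spotify Web API error modes. Added example, not Spotify's
code. send(method, url, headers) -> (status, headers, json_body) is injected so
this runs offline; refresh(token) must replace token.access_token."""
import time

API = "https://api.spotify.com/v1"


class SpotifyError(Exception):
    def __init__(self, status, reason="", message=""):
        super().__init__(f"{status} {reason} {message}".strip())
        self.status, self.reason = status, reason


class PremiumRequired(SpotifyError):
    """403 with reason PREMIUM_REQUIRED on a playback-control endpoint."""


class NoActiveDevice(SpotifyError):
    """404 with reason NO_ACTIVE_DEVICE: no Spotify client is currently active."""


class Token:
    """Minimal token holder; refresh 60 s before expires_at rather than at it."""
    def __init__(self, access_token, expires_at, refresh_token):
        self.access_token, self.expires_at, self.refresh_token = access_token, expires_at, refresh_token

    def needs_refresh(self, margin=60):
        return time.time() >= self.expires_at - margin


def _error_fields(body):
    # Player endpoints put a machine-readable reason in error.reason.
    err = (body or {}).get("error") or {}
    return err.get("reason", ""), err.get("message", "")


def call(send, method, path, token, refresh, max_retries=3, sleep=time.sleep):
    """Issue one API call with recovery; returns (status, body) or raises."""
    refreshed = False
    attempts_429 = 0
    if token.needs_refresh():                 # proactive refresh before expiry
        refresh(token)
        refreshed = True
    while True:
        headers = {"Authorization": "Bearer " + token.access_token}
        status, resp_headers, body = send(method, API + path, headers)
        if status == 401 and not refreshed:   # expired or revoked: refresh once, resend
            refresh(token)
            refreshed = True
            continue
        if status == 429:                     # honour Retry-After (seconds), bounded
            if attempts_429 >= max_retries:
                raise SpotifyError(429, "RATE_LIMITED", "retry budget exhausted")
            sleep(int(resp_headers.get("Retry-After", "1")))
            attempts_429 += 1
            continue
        reason, message = _error_fields(body)
        if status == 403 and reason == "PREMIUM_REQUIRED":
            raise PremiumRequired(status, reason, message)   # terminal, do not retry
        if status == 404 and reason == "NO_ACTIVE_DEVICE":
            raise NoActiveDevice(status, reason, message)    # user must open a client
        if status >= 400:
            raise SpotifyError(status, reason, message)
        return status, body


class ScriptedTransport:
    """Constructed fake server: replays canned replies and records each request."""
    def __init__(self, replies):
        self.replies, self.calls = list(replies), []

    def __call__(self, method, url, headers):
        self.calls.append((method, url, headers["Authorization"]))
        return self.replies.pop(0)


def demo():
    """Exercise each failure mode against the fake; returns what happened."""
    def refresh(t):
        t.access_token, t.expires_at = t.access_token + "-new", time.time() + 3600

    def run(replies, token=None):
        slept, tr = [], ScriptedTransport(replies)
        tok = token or Token("tok", time.time() + 3600, "rt")
        try:
            status, _ = call(tr, "PUT", "/me/player/play", tok, refresh, sleep=slept.append)
            result = ("ok", status)
        except SpotifyError as e:
            result = (type(e).__name__, e.status)
        return result, slept, tr.calls

    # Constructed reply bodies in the shape of Spotify's player error object.
    return {
        "rate_limited": run([(429, {"Retry-After": "3"}, None), (204, {}, None)]),
        "expired": run([(401, {}, {"error": {"status": 401, "message": "The access token expired"}}),
                        (204, {}, None)]),
        "premium": run([(403, {}, {"error": {"status": 403, "reason": "PREMIUM_REQUIRED",
                                             "message": "Player command failed: Premium required"}})]),
        "no_device": run([(404, {}, {"error": {"status": 404, "reason": "NO_ACTIVE_DEVICE",
                                               "message": "Player command failed: No active device found"}})]),
        "stale": run([(204, {}, None)], Token("old", time.time() + 10, "rt")),
    }
```

The 401 path refreshes at most once per call, so a revoked refresh token cannot turn into a refresh loop, and the 429 path sleeps for exactly the server's Retry-After value instead of a fixed backoff, which is what the undocumented, dynamically enforced limits demand.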

Alternatives

Scores are editorial opinions as of 2026-03-06.
