
Token Swap and Refresh

Access tokens issued by the Spotify account service have a lifetime of one hour. The iOS-SDK provides helper functionality to simplify the use of the Code grant flow.

By setting tokenSwapURL and tokenRefreshURL it is possible for the iOS-SDK to request a new access token with a refresh token whenever needed. The iOS-SDK demo project has a Ruby example of the needed back-end services. The example is not recommended for use in production.

This page contains a description of the requests made by the iOS-SDK and the expected responses.

tokenSwapURL

Swaps a code for an access token and a refresh token.

Request Headers

| Header | Value |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

Request Body

| Parameter | Description |
| --- | --- |
| code | The code returned from Spotify account service to be used in the token request. |

Request Example


curl -X POST "https://example.com/v1/swap" -H "Content-Type: application/x-www-form-urlencoded" --data "code=AQDy8...xMhKNA"

Expected Response Headers

| Header | Value |
| --- | --- |
| Content-Type | application/json |

Expected Response Body Parameters

Parameters must be JSON encoded.

| Parameter | Description |
| --- | --- |
| access_token | Access token received from Spotify account service. |
| expires_in | The time period (in seconds) for which the access token is valid. Returned from the Spotify account service. |
| refresh_token | The refresh token returned from the Spotify account service. The endpoint should not return the actual refresh token but a reference to the token or an encrypted version of the token. An encryption solution is shown in the Ruby example. |

Response Example


{
  "access_token" : "NgAagA...Um_SHo",
  "expires_in" : "3600",
  "refresh_token" : "NgCXRK...MzYjw"
}

tokenRefreshURL

Uses the refresh token to get a new access token.

Request Headers

| Header | Value |
| --- | --- |
| Content-Type | application/x-www-form-urlencoded |

Request Body

| Parameter | Description |
| --- | --- |
| refresh_token | The refresh_token value previously returned from the token swap endpoint. |

Request Example


curl -X POST "https://example.com/v1/refresh" -H "Content-Type: application/x-www-form-urlencoded" --data "refresh_token=NgCXRK...MzYjw"

Expected Response Headers

| Header | Value |
| --- | --- |
| Content-Type | application/json |

Expected Response Body Parameters

| Parameter | Description |
| --- | --- |
| access_token | Access token received from Spotify account service. |
| expires_in | The time period (in seconds) for which the access token is valid. Returned from the Spotify account service. |

Response Example


{
  "access_token" : "NgAagA...Um_SHo",
  "expires_in" : "3600"
}
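
The swap response asks for an encrypted version of the refresh token rather than the token itself, and the refresh endpoint must turn that value back into the real token. The following is an added example, not code from the iOS-SDK demo project, showing one way to do both with AES-256-GCM so that an altered value is rejected. The function names, the hex encoding and the randomly generated key are assumptions; a real service would load the key from server-side secret storage.

```ruby
require 'openssl'
require 'json'
require 'uri'

AAD = 'refresh_token' # binds the ciphertext to this one purpose

# Encrypt the real refresh token into an opaque hex string for the app.
def seal_refresh_token(token, key)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh 12-byte nonce for every token
  cipher.auth_data = AAD
  ciphertext = cipher.update(token) + cipher.final
  (iv + cipher.auth_tag + ciphertext).unpack1('H*')
end

# Recover the real token; nil if the value is malformed or was altered.
def open_refresh_token(sealed, key)
  raw = [sealed.to_s].pack('H*')
  return nil if raw.bytesize <= 28 # 12-byte IV + 16-byte tag + data
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = raw.byteslice(0, 12)
  cipher.auth_tag = raw.byteslice(12, 16)
  cipher.auth_data = AAD
  (cipher.update(raw.byteslice(28, raw.bytesize - 28)) + cipher.final).force_encoding('UTF-8')
rescue OpenSSL::Cipher::CipherError
  nil
end

# tokenSwapURL: build the app-facing body from the account service's reply.
def swap_response_body(upstream_json, key)
  upstream = JSON.parse(upstream_json)
  body = upstream.slice('access_token', 'expires_in') # forward only the documented fields
  body['refresh_token'] = seal_refresh_token(upstream.fetch('refresh_token'), key)
  JSON.generate(body)
end

# tokenRefreshURL: real refresh token from the form body, or nil to reject.
def refresh_token_from_form(form_body, key)
  sealed = URI.decode_www_form(form_body).to_h['refresh_token']
  open_refresh_token(sealed, key)
end

# Constructed sample values, not real tokens; the random key is an assumption.
key = OpenSSL::Random.random_bytes(32)
upstream = '{"access_token":"sample-access","expires_in":3600,"refresh_token":"sample-refresh"}'
puts swap_response_body(upstream, key)
```

When `refresh_token_from_form` returns nil, the refresh endpoint should fail the request without contacting the account service.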