Token Swap and Refresh

Access tokens issued from the Spotify account service has a lifetime of one hour. The iOS-SDK provides helper functionality to simplify the use of the Code grant flow.

By setting tokenSwapURL and tokenRefreshURL it is possible for the iOS-SDK to request a new access token with a refresh token whenever needed. The iOS-SDK demo project has a Ruby example of the needed back-end services. The example is not recommended for use in production.

This page contains a description of the requests made by the iOS-SDK and the expected responses.

tokenSwapURL

Swaps a code for an access token and a refresh token.

Request Headers

Header	Value
Content-Type	application/x-www-form-urlencoded

Request Body

Parameter	description
code	The code returned from Spotify account service to be used in the token request.

Request Example


_10curl -X POST "https://example.com/v1/swap” -H "Content-Type: application/x-www-form-urlencoded" --data “code=AQDy8...xMhKNA”

Expected Response Headers

Header	Value
Content-Type	application/json

Expected Response Body Parameters

Parameters must be JSON encoded.

Parameter	description
access_token	Access token received from Spotify account service.
expires_in	The time period (in seconds) for which the access token is valid. Returned from the Spotify account service.
refresh_token	The refresh token returned from the Spotify account service. It should not return the actual refresh token but a reference to the token or an encrypted version of the token. Encryption solution is shown in the ruby example.

Response Example


_10{
_10 "access_token" : "NgAagA...Um_SHo",
_10 "expires_in" : "3600",
_10 "refresh_token" : "NgCXRK...MzYjw"
_10}

tokenRefreshURL

Uses the refresh token to get a new access token.