Upcoming Navidrome API changes

[deluan]

Hey, really nice app you have here, congrats!

Just to let you know that the API will have some changes when the upcoming BFR release (navidrome/navidrome#2709) is merged, which could break your app. This PR and its changes are being discussed in our Discord, you are welcome to join.

On that note, after the next release, I'll start working on the new UI and most possibly a new API as well, and I plan to make it stable and public, so clients like yours will be shielded from these kind of breaking changes. The current API was never meant to be used by app clients, but as it seems to exist a demand for it, I'll work to make it stable.

One more note: I see you had issues with the session token expiring. Not sure if you know how this is fixed in the UI, but here it is: For each request you do you receive a new token in the X-ND-Authorization header, with its expiration bumped. If you keep replacing the token used to talk to the server, it will only expire if the app does not talk to the server for 24 hours.

And the SessionTimeout is also configurable. See SessionTimeout in the configuration options

Hope this information is useful. Cheers!

[faultables]

Hey, thanks!

The BFR release looks exciting especially for the user with big libraries!

On that note, after the next release, I'll start working on the new UI and most possibly a new API as well, and I plan to make it stable and public, so clients like yours will be shielded from these kind of breaking changes. The current API was never meant to be used by app clients, but as it seems to exist a demand for it, I'll work to make it stable.

This is great! Also, I'm aware of the risks of using private APIs; I just wasn't aware that some people are already using my app at this stage. So I think I must keep everyone happy too :D

The current web UI works great, but sometimes it doesn't work well on Safari (my primary browser on mac). I think the problem might be with the service worker as it starts working again when I force reload the UI. On my Linux laptop (using Firefox) it works perfectly fine

One more note: I see you had issues with the session token expiring. Not sure if you know how this is fixed in the UI, but here it is: For each request you do you receive a new token in the X-ND-Authorization header, with its expiration bumped. If you keep replacing the token used to talk to the server, it will only expire if the app does not talk to the server for 24 hours.

Woah this is very important! I wasn't aware of the SessionTimeout and I've been using absolutely the default one (24h). That answers my question from when I first developed the app 4 months ago.

This works fine in the web UI but it looks weird specifically on my app (which supports offline listening) so i tried a quick-and-dirty approach where flo sends a POST request to /login every time users open the app regardless of the session state (fortunately Navidrome currently doesn't store sessions in a dedicated/persisted way so flo doesn't spam the entries). However, this functionality is opt-in and will likely be removed in a future version to better respect user's provided SessionTimeout config

Out of topic — do you have plans to publish some of the anonymous data collection to the public? Based on the Navidrome Discord, there are 111 Navidrome instances using flo (which I think is a pretty big number for me) and knowing the Navidrome version per player would also be super useful! I include the "this version was tested on Navidrome version X" information in every release notes so people can set expectations when something is not working on flo's end, and I can set expectations that flo will (hopefully) work as long as their Navidrome version matches mine

Thank you!

[deluan]

This works fine in the web UI but it looks weird specifically on my app (which supports offline listening) so i tried a quick-and-dirty approach where flo sends a POST request to /login every time users open the app regardless of the session state (fortunately Navidrome currently doesn't store sessions in a dedicated/persisted way so flo doesn't spam the entries). However, this functionality is opt-in and will likely be removed in a future version to better respect user's provided SessionTimeout config

We will soon add apikeys to the Subsonic API, and my plan is that the Native API will also be able to use them. API Keys will not expire, making it easier for apps using the Native API.

do you have plans to publish some of the anonymous data collection to the public?

Yes, as soon as I have time to do it. I want to put in place something like this: https://lyrion.org/analytics/

knowing the Navidrome version per player would also be super useful!

I may not add this in the public page, but I may create a simple API in the Insights server that could be used to query this kind of info. Let's see how much time I have to work on that. The server is open source, so feel free to send a PR if you want it sooner than later :)