A Next.js application integrated with the Spotify Web API to access your music data.
- 🎵 Spotify OAuth authentication
- 🔐 Secure token management with httpOnly cookies
- 👤 Access user profile information
- 🎧 View top tracks, artists, and recently played songs
- 📱 Modern, responsive UI with Tailwind CSS
- 🔒 HTTPS support for local development
- Node.js 18+ installed
- A Spotify account
- Spotify Developer account (free)
- Go to Spotify Developer Dashboard
- Log in with your Spotify account
- Click "Create app"
- Fill in the app details:
- App name: Melody (or your preferred name)
- App description: Your description
- Redirect URI:
https://localhost:3000/api/auth/callback - Which API/SDKs are you planning to use?: Check "Web API"
- Click "Save"
- On your app page, click "Settings"
- Copy your Client ID and Client Secret
-
Copy the example environment file:
cp .env.example .env.local
-
Open
.env.localand replace the placeholders with your actual credentials:SPOTIFY_CLIENT_ID=your_actual_client_id SPOTIFY_CLIENT_SECRET=your_actual_client_secret SPOTIFY_REDIRECT_URI=https://localhost:3000/api/auth/callback SPOTIFY_SCOPES=user-read-private user-read-email user-top-read user-read-recently-played playlist-read-private
npm installThe app is configured to run with HTTPS:
npm run devOpen https://localhost:3000 in your browser.
Note: You may see a security warning about the self-signed certificate. This is normal for local development. Click "Advanced" and "Proceed to localhost" to continue.
- Click "Login with Spotify" on the home page
- You'll be redirected to Spotify's authorization page
- Approve the permissions
- You'll be redirected back to
/dashboardwhere you can see:- Your Spotify profile
- Your access token
- Example code for making API requests
melody/
├── src/
│ ├── app/
│ │ ├── api/
│ │ │ └── auth/
│ │ │ ├── login/route.ts # Initiate OAuth flow
│ │ │ ├── callback/route.ts # Handle OAuth callback
│ │ │ └── token/route.ts # Get/refresh access token
│ │ ├── dashboard/
│ │ │ └── page.tsx # Protected dashboard page
│ │ ├── layout.tsx # Root layout
│ │ ├── page.tsx # Home page
│ │ └── globals.css # Global styles
│ └── lib/
│ └── spotify.ts # Spotify API utilities
├── .env.local # Your environment variables (not in git)
├── .env.example # Example environment variables
└── package.json
- GET
/api/auth/login: Initiates Spotify OAuth flow - GET
/api/auth/callback: Handles OAuth callback and exchanges code for tokens - GET
/api/auth/token: Returns current access token or refreshes if expired
Once authenticated, you can make requests to the Spotify API:
const response = await fetch("https://api.spotify.com/v1/me/top/tracks", {
headers: {
Authorization: `Bearer ${accessToken}`,
},
});
const data = await response.json();With the default scopes, you can access:
GET /v1/me- Get current user's profileGET /v1/me/top/tracks- Get user's top tracksGET /v1/me/top/artists- Get user's top artistsGET /v1/me/player/recently-played- Get recently played tracksGET /v1/me/playlists- Get user's playlists
See Spotify Web API Reference for more endpoints.
- Tokens are stored in httpOnly cookies to prevent XSS attacks
- State parameter is used to prevent CSRF attacks
- Refresh tokens are stored securely and used to get new access tokens
- Never commit
.env.localto version control
To request different permissions, modify the SPOTIFY_SCOPES in .env.local. Available scopes are listed in the Spotify Authorization Scopes documentation.
Make sure the redirect URI in your .env.local exactly matches the one in your Spotify app settings (including https://).
Clear your cookies and try logging in again.
Your refresh token may have expired. Log out and log in again.
MIT